Explore metrics for traffic flowing through Incapsula to your protected networks or IPs. View statistics for your monitored IP ranges. Examine emerging attacks in real time, or analyze past attacks up to 90 days back. Gain visibility into bandwidth volume, packet rate, traffic type, and PoP utilization.
The displayed data reflects all ingress traffic — from clients to your origin network.
View protected IPs, IP ranges, or monitored ranges
Filter the graphs
View passed, blocked, or total traffic
Switch the format of displayed data
View real-time or historical data
Check connection status
Select options for viewing bandwidth and packet rate data. Your selections are reflected in the data displayed in the bandwidth graph (bits per second) and packet rate graph (packets per second), and in the tables below the graph.
View data for your protected IPs, protected IP ranges, or monitored ranges.
|IP Ranges||Infrastructure Protection service: For network level DDoS protection. View metrics for your networks or sub networks that are protected by Incapsula from network layer DDoS attacks.|
|Monitored Ranges||Infrastructure Monitoring service: The IP ranges that are monitored by Incapsula to automatically detect attacks and activate the on-demand Infrastructure Protection service.|
|IP Protection||IP Protection service: For IP level DDoS protection. View metrics for your IP addresses that are protected by Incapsula from network layer DDoS attacks.|
|Ranges||View traffic distribution by protected IP range. Displayed when main view selection is IP Ranges.|
|IPs||View traffic distribution by protected IP. Displayed when main view selection is IP Protection.|
The global distribution of all incoming traffic across Incapsula PoPs.
For the list of PoP codes and locations, see Incapsula Data Centers (PoPs).
|Traffic Type||The breakdown of packet types by common protocols and attack vectors.|
|All||Passed traffic and blocked traffic are displayed separately in the graphs.|
|Total||The sum of passed and blocked traffic is displayed as a unified graph.|
|Passed||Clean traffic that is routed through Incapsula and passed on to your protected network.|
|Blocked||DDoS traffic that was blocked by Incapsula.|
View bandwidth and packet rate data in side-by-side graphs.
Hover over the graph to focus in on a specific point in time.
In the bandwidth (bits per second) graph, you can compare your data to the blue 95th percentile indicator. For more details on calculation of the 95th percentile, see Account Bandwidth Calculation.
By default, the Infrastructure Dashboard graphs display real-time data. Data resolution is 3 seconds.
Select a filter option to zoom in to a specific time frame in the graph.
Or drag the handles on the navigator below the graph.
You can view data for the previous 90 days. Select an option, or choose a custom time period.
You can zoom in to a maximum data resolution of 15 seconds to analyze short attacks.
Click and drag an area of the graph to zoom in. Grab another area to zoom in further.
When zoomed out in the historical graphs, each data point represents the peak values for the time range it covers, such as for the 15 minutes shown in this example.
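The following added example (not part of the Incapsula documentation or product code) shows why peak-per-point aggregation matters when reviewing past attacks: a 30-second burst recorded at 3-second resolution stays visible in a 15-minute data point when the point holds the peak, but would be diluted if the point held the average. The traffic values, the 10 Gbps review threshold, and all function names are assumptions made for the illustration.

```python
# Constructed sample: one hour of bandwidth at 3-second resolution with a
# short burst in the middle. All values are illustrative, not real traffic.
RESOLUTION_S = 3          # real-time data resolution stated on this page
BUCKET_S = 15 * 60        # one zoomed-out data point covering 15 minutes
THRESHOLD_BPS = 10_000_000_000  # assumed review threshold (10 Gbps)


def build_series(duration_s=3600, baseline_bps=200_000_000,
                 burst_bps=40_000_000_000, burst_start_s=1800, burst_len_s=30):
    """Return [(timestamp_s, bps), ...] with one short burst."""
    series = []
    for t in range(0, duration_s, RESOLUTION_S):
        in_burst = burst_start_s <= t < burst_start_s + burst_len_s
        series.append((t, burst_bps if in_burst else baseline_bps))
    return series


def downsample(series, bucket_s, reducer):
    """Group samples into fixed buckets and reduce each bucket to one value."""
    buckets = {}
    for t, value in series:
        buckets.setdefault(t - t % bucket_s, []).append(value)
    return [(start, reducer(vals)) for start, vals in sorted(buckets.items())]


def mean(values):
    return sum(values) / len(values)


def buckets_over(points, threshold):
    """Bucket start times whose reduced value reaches the threshold."""
    return [start for start, value in points if value >= threshold]


if __name__ == "__main__":
    series = build_series()
    peak = downsample(series, BUCKET_S, max)    # what the page describes
    avg = downsample(series, BUCKET_S, mean)    # shown only for contrast
    print("peak view flags:", buckets_over(peak, THRESHOLD_BPS))
    print("mean view flags:", buckets_over(avg, THRESHOLD_BPS))
```

A peak point tells you that the value was reached somewhere in its time range, not for how long; zoom in to the time frame to see the actual duration.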
Check your Infrastructure Protection or IP Protection connection status. Available in real-time view only.
Connection status is displayed in the following format: Connections up x/y (z)
Green: All connections are up. This status is also displayed when monitoring is disabled for all connections.
Red: At least one connection is down.
|x / y||The number of active connections out of the total number of connections.|
|z||The number of connections for which monitoring is disabled. This is not displayed if monitoring is enabled for all connections.|
Displays connection status for each connection.
In this example, 16 of a total of 20 connections are up, and monitoring is not disabled for any of the connections.
Here, there are two connections. Monitoring for both connections is disabled.
In the legend below a graph:
Click an item to show data for that item only.
To multi-select or clear specific items from the view, use Alt+click.
To select all, double-click an item in the legend.
At the bottom of the graph:
Toggle to show actual values or percentage.
Values: Bandwidth in bps. Packet rate in pps.
Distribution: View each PoP, IP range, or traffic type as a percentage of the total traffic.
In the Ranges table, you can view maximum bandwidth and packet rate for all IP ranges, or filter for a specific IP range.
Click an IP range to drill down and display data on the dashboard for that range only.
Note: When viewing historical data and filtering for either passed or blocked traffic, you can select up to a total of 5 IP ranges to view and compare. In the Ranges table, select the ranges you want and then click Apply Selection. The data is updated in the graphs.
View the log of security events detected by Incapsula.
|Infrastructure Protection||Connection up (GRE Tunnel/ECX/Cross Connect/..)||BGP peer connectivity status has changed to UP.|
|Infrastructure Protection||Connection down (GRE Tunnel/ECX/Cross Connect/..)||BGP peer connectivity status has changed to DOWN.|
|Infrastructure Protection||DDoS event has started||Incapsula has detected a DDoS attack and has started mitigation. (See SLA for further details.)|
|Infrastructure Protection||DDoS event has stopped||The DDoS attack has ended. Incapsula has stopped mitigation. (See SLA for further details.)|
|Infrastructure Monitoring||NetFlow traffic has stopped||NetFlow/sFlow monitored traffic is not being received. DDoS monitoring is currently inactive.|
|Infrastructure Monitoring||NetFlow traffic has started||NetFlow/sFlow monitored traffic is being received properly. DDoS monitoring is active.|
|Infrastructure Monitoring||Incorrect NetFlow traffic||NetFlow/sFlow monitored traffic is invalid. DDoS monitoring is currently inactive.|
|Infrastructure Monitoring||DDoS attack detected||Monitored traffic indicates that a DDoS attack is in progress.|
|IP Protection||IP is up||GRE tunnel monitoring was able to verify that tunnel status is UP. The protected IP is available.|
|IP Protection||IP is down||GRE tunnel monitoring was unable to verify tunnel status. The IP may be down.|
Tip: Click Export to CSV to download the event log.
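Once the event log is exported, the start and stop events can be paired into attack windows for incident review. The sketch below is an added example, not Incapsula code: the CSV column names (`time`, `service`, `event`), the timestamp format, and the exact text in parentheses after "Connection down" are assumptions, since this page does not describe the export layout. The sample rows are constructed.

```python
import csv
import io
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp format

# Constructed sample export; column names are assumed, event names are
# the ones listed in the table above.
SAMPLE_CSV = """time,service,event
2024-01-10T08:00:05Z,Infrastructure Protection,DDoS event has started
2024-01-10T08:03:10Z,Infrastructure Protection,Connection down (GRE Tunnel)
2024-01-10T08:04:40Z,Infrastructure Protection,Connection up (GRE Tunnel)
2024-01-10T08:21:35Z,Infrastructure Protection,DDoS event has stopped
2024-01-10T12:30:00Z,Infrastructure Protection,DDoS event has started
"""


def load_events(text):
    """Parse the export into time-ordered (timestamp, service, event) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    return sorted((datetime.strptime(r["time"], FMT), r["service"], r["event"])
                  for r in rows)


def attack_windows(events):
    """Pair started/stopped events; an unmatched start is an open window."""
    windows, start = [], None
    for ts, _service, name in events:
        if name == "DDoS event has started" and start is None:
            start = ts
        elif name == "DDoS event has stopped" and start is not None:
            duration = int((ts - start).total_seconds())
            windows.append({"start": start, "stop": ts, "duration_s": duration})
            start = None
    if start is not None:  # mitigation still in progress at export time
        windows.append({"start": start, "stop": None, "duration_s": None})
    return windows


def downs_during(events, window):
    """Timestamps of 'Connection down' events that fall inside a window."""
    return [ts for ts, _service, name in events
            if name.startswith("Connection down")
            and ts >= window["start"]
            and (window["stop"] is None or ts <= window["stop"])]


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for w in attack_windows(events):
        print(w["start"], w["stop"], w["duration_s"], len(downs_during(events, w)))
```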
Take a closer look at an emerging attack in real time, or analyze a past attack.
|What should I look at?||What can it tell me?|
|IP range view||
|Traffic type view||
|Compare side-by-side bandwidth and packet rate graphs||
Tip: Filter to see blocked traffic only. Attacks can be multi-vector; filter out the traffic type with the highest value to discover other activity.
Look at overall traffic.
Zoom in on the time frame of an attack.
Switch to View by: Ranges.
Check the graph or IP ranges table to identify the range most impacted by the attack.
Click the specific range in the IP Ranges table to drill down for a closer look.