Top Attacks
The DDoS Top Attacks dashboard gives you insight into the attacks that have been thwarted by that SPP’s or the entire system’s security posture.
The data is filtered by:
- Global or SPP
- Time period of 1 hour to 1 year
- Inbound or Outbound Drops
Available attack reports
|
Reports |
Description |
|---|---|
|
Top ACL Attacks |
Reports drops from ACLs configured via Global Protection. These include:
|
|
Reports |
Description |
|---|---|
|
Top Attacked SPPs |
Drop and Event counts by SPP Note: Top Attacked SPPs is shown no matter which SPP or All is selected for display. |
|
Top SPPs with Denied Packets |
ACL drop count by SPP |
|
Top Attacks |
Drop count for non ACL attacks |
|
Top ACL Drops |
Drop count by ACL rules |
|
Top Attacked Subnets (SPP Policies) |
Drop count by SPP Policy Note: If an SPP has more than 1000 attacked subnets, the first 1000 will be shown. All attacked subnets will be displayed in the Attack Logs. |
|
Top Attacked Subnets with Denied Packets |
ACL drop count by subnet ID |
|
Top Attacked Destinations |
Drop count by Destination IP address |
|
Top Attacked HTTP Servers |
Drop count by HTTP server IP address |
|
Top Attackers |
Drop count by Source IP address |
|
Top Attacked Protocols |
Drop count by protocol Icons in this portal link directly to the attacked Protocol graphs. |
|
Top Attacked TCP Ports |
Drop count by TCP port. Icons in this portal link directly to the attacked TCP port graphs. |
|
Top Attacked UDP Ports |
Drop count by UDP port Icons in this portal link directly to the attacked UDP Port graphs. |
|
Top Attacked ICMP Type Codes |
Drop count by ICMP type/code Icons in this portal link directly to the attacked ICMP type/code graphs. |
|
Top Attacked URLs |
Drop count by HTTP URL (hash index) Icons in this portal link directly to the attacked HTTP URL graphs. |
|
Top Attacked HTTP Methods |
Drop count by HTTP Method Icons in this portal link directly to the attacked HTTP Method graphs. |
|
Top Attacked HTTP Hosts |
Drop count by Host header (hash index) Icons in this portal link directly to the attacked HTTP Hosts graphs. |
|
Top Attacked HTTP User Agents |
Drop count by User-Agent header (hash index) Icons in this portal link directly to the attacked HTTP User Agent graphs. |
|
Top Attacked HTTP Referers |
Drop count by Referer header (hash index) Icons in this portal link directly to the attacked HTTP Referers graphs. |
|
Top Attacked HTTP Cookies |
Drop count by Cookie header (hash index) Icons in this portal links directly to the attacked HTTP Cookie graphs. |
|
Top Attacked DNS Servers |
Drop count by DNS server IP address |
|
Top Attacked DNS Anomalies |
Drop count by DNS server IP address for packets dropped by DNS anomaly rules |
To display the DDoS Top Attacks Log dashboard:
1. Go to Dashboard > Top Attacks.
2. Select the SPP of interest, time period, and traffic direction from the top left corner.
3. Enable the Adjust filter for all tables option toggle if desired
