Analytics: DDoS Protection for Networks and IPs

Save PDF

Feedback

Last UpdatedJan 21, 2025
5 minute read

See top traffic patterns for DDoS traffic on your network that was blocked by Imperva or clean traffic that was routed through Imperva and passed on to your network.

View a breakdown of traffic by source or destination IP, by source or destination port, or by packet size for a specific IP range.

View the analytics

You can access the analytics data in several ways:

For a specific event

At the top of the Network Protection Dashboard, a banner is displayed indicating that there were recent DDoS attacks on your network.

Click Jump to Events Log.
In the Event Log table, in the Additional Info column, click the Analyze attack button to drill-down into a specific event.

Tip: Filter the Event column for the value DDoS event has ended to view all events with Analytics data.

On the drill-down page that opens, analytics data for blocked traffic is displayed in the Top Traffic Patterns section.

For a specific time range

On the Network Protection Dashboard, select a view.
In the Ranges or IPs table, click an IP range or a single IP.
On the drill-down page that opens:
1. From the date filter, select a previous time period or a custom time period. Analytics are not displayed in real-time view.
2. Filter to display blocked or passed traffic. (Not applicable to Monitored Ranges view, which displays passed traffic only.)

Analytics data is displayed below in the Top Traffic Patterns section.

Infrastructure Protection Analytics show the highest peak values and highest average values for the selected IP or range during the selected time period.

For a closer look, zoom in on an area on the Bits Per Second or Packets Per Second graphs at the top of the page. You can zoom in to a maximum resolution of 15 seconds.

The selection is reflected in the analytics widgets below.

Available data

View the following:

Source IP addresses
Destination IP addresses
Source ports
Destination ports
Services (Port, protocol, destination IP address)
IPs and Services (Source IP address, port, protocol, destination IP address)
Packet sizes
New connections per second - incoming connections from clients to the customer origin and outgoing connections from the origin.
Concurrent connections (available for Protected IPs only)

View analytics by region

Once you have displayed the analytics according to the steps above (View the analytics), you can also filter by data storage region.

In the filter box, under Region, select a data storage region.

By default, analytics are displayed for the region that is currently configured for your account. The drop-down displays all regions that were configured for your account at some time during the previous 90 days.

For more details on data regions, see Data Storage Management.

Customize the view

Layout	Select a two-column or four-column layout for the dashboard widgets.
Widget view	For each widget you can select table or graph view, or click the icon in the View column to view that row's data in the graph view.
Peak/Average	View the highest peak or average values for the selected time period.
Table view	View the distribution of traffic for the highest values during the selected time period. Click Previous/Next to see all values. Values over 10% are displayed in bold. Multiple small values are clustered together under the label Highly Distributed.
Graph view	View the distribution of traffic for the highest values during the selected time period. Hover over a point in the graph for more details. Filter the view to zoom in on specific elements using the legend under the graph. For more details on filtering, see Security Dashboard: DDoS Protection for Networks and IPs. Use the up/down arrows to view the full list of items displayed in the graph.