Visualize Activity with Log.ic


CloudGuard Log.ic is a tool to search for and visualize events of interest in the network traffic or event activities of your cloud accounts. It gathers and presents information from logs for the cloud accounts, enriched with information from additional sources such as threat intel feeds, and IP reputation and geolocation databases. 

Benefits

  • quickly identify unwanted network traffic from unknown or suspicious sources

  • identify gaps in cloud security settings or misconfigurations

  • monitor and analyze user activity on your cloud environments for unusual behavior

Log.ic Views

Log.ic combines cloud inventory and configuration information with real-time monitoring data from a variety of cloud platform sources, as well as current threat intelligence feeds, IP reputation and geolocation databases. The result is an enhanced visualization that distinguishes suspicious traffic from legitimate traffic. For example, sources of network traffic from other cloud elements are shown according to type, and malicious external sources are marked as such.

Log.ic can give you near real-time views of network activity. You can also view and analyze past network activity. You can configure it to send you real-time alerts for specific events or event types that occur in your cloud environment, so that you are aware of them and can respond immediately.

Traffic Activity

The Traffic Activity view shows you a visualization of network traffic in your cloud environment. You can use this to identify traffic from unwanted sources, or gaps in network security settings (which you can then fix using other features of Dome9).

Log.ic analyzes network flow logs to visualize the activity on your cloud network. You use queries to filter this information to show traffic of interest. Log.ic includes many common queries, and you can create additional custom queries with a graphical query builder, based on the Dome9 Governance Specification Language (GSL).

Event Activity 

The Event Activity view shows a visualization of event activities in your cloud environment. You can view activities on all of your assets, or filter the view for specific assets or activities. You can use this to identify anomalous activities from unwanted and potentially malicious sources, or unexpected activities from trusted sources.

Actions

Actions for the Traffic Activity View

Actions for the Event Activity View

Filter Views

Create Alerts

See also

Log.ic Alerts

CloudGuard Dome9 Notification Policies