About the Corp Overview page

The Corp Overview page provides an at-a-glance view of all the sites in your corp, including which of your sites:

• is seeing the most traffic.
• is attacked the most.
• is seeing the most blocked traffic.
• has the most flagged, malicious IPs.

In addition to high-level stats, the Corp Overview page provides attack type and source breakdowns, enabling you to better visualize how your sites are being attacked.

Before you begin

Be sure you know how to access the web interface controls.

About the Corp Overview page

The Corp Overview page surfaces relevant data about your corp and its sites. To navigate to the Corp Overview page, click the name of your corp in the upper left corner of the web interface.

The Corp Overview page organizes data about your corp into the following sections:

• Corp cards: cards that represent request metrics as graphs.
• Site Summaries: a table listing the most frequent attack types and sources for a site.
• Top Signals: tables containing signal data.

You can use the Corp Overview page controls to change the time frame over which to display data for the entire page.

Corp cards

The Corp Overview page surfaces request metrics for all of your sites through the following cards:

• Request Volume: the number of requests your corp receives, the number of requests that have at least one attack signal, and the number of requests that were blocked.
• Attack Requests: the number of malicious requests per site. The card displays a maximum of 10 sites.
• Blocked Requests: the number of requests that were blocked. The card displays a maximum of 10 sites.

Hovering over any part of a graph displays a timestamp indictor that updates itself as you move your cursor.

Site Summaries table

The Site Summaries table highlights the most frequent attack types and attack sources (e.g., the regions where the attacks originated) for each site. You can use a search bar to filter the table by site and the site menu to view all sites, sites with attack requests, or sites without attack requests. The table contains these columns:

• Site: the name of the site and the total number of requests the site has received.
• Requests with Attack Signals: the number of requests that were blocked by site alerts and the number of requests that have at least one attack signal.
• Attack Signals: the most frequent attack types for that site.
• Countries: the top three regions where the attacks originated.
• Flagged IPs: the number of IPs with subsequent malicious requests that were blocked due to a threshold of malicious requests being exceeded.

Top Signals tables

The Top Signals section surfaces signal data from your corp in the following tables:

• Attack Signals: displays data related to malicious requests.
• Anomaly Signals: displays data related to abnormal requests (e.g., requests containing malformed data and requests originating from known scanners).
• Corp Signals: displays data related to signals created at the corp level.

You can use a search bar to filter the tables by signal. The tables contain the following columns:

• Signal: the name of the signal.
• Total Requests: the number of requests that were tagged with the signal in your corp.
• Top sites: the sites that had the highest number of requests with that signal.
• Requests per Site: the number of requests tagged with that signal per site.

What's next

Dig deeper into details about the web interface controls.