The Internet Exposure report provides visibility into how your assets are accessed from the internet. You can use it to trace the source of anomalous inbound traffic and view data on open public IP addresses, open ports, open applications, and the number of public IP addresses for your cloud services. This helps you investigate suspicious assets and secure your services.
Prerequisites
The Internet firewall is enabled. For more information, see internet firewall.
Visualized analysis
The Visualized Analysis tab provides real-time insights into your inbound traffic. It displays traffic information for all public IP addresses, an overall traffic trend chart, and top inbound traffic rankings, helping you monitor the details of inbound traffic to your assets.
-
Log on to the Cloud Firewall console. In the left-side navigation pane, choose .
-
In the upper-right corner of the Internet Exposure page, select a time range from the drop-down list, and then click the Traffic Analytics tab.
-
On the Traffic Analytics tab, review the following information.
You can select a predefined time range from the drop-down list or specify a custom time range within the last 30 days.
Component
Description
Actions
IP Traffic
Displays the peak total traffic for your internet-accessible assets.
-
Use the search tool in the IP Traffic table to specify an asset's IP address and view its type and peak total traffic.
-
Click the
icon next to an IP address to display its inbound traffic trend in the chart on the right. -
Click the
icon to go to Log Audit and view the traffic logs for the IP address. -
Click the
icon to navigate to View Internet exposure data and check the exposure details for the IP address.
Overall traffic trend
Displays the real-time peak request and response traffic across all assets.
Hover over any point on the trend chart to view the peak request and response traffic at that specific time. Click a point on the horizontal axis of the trend chart to refresh the IP Traffic table and view the IP traffic ranking at that time.
Top IP Traffic
Shows statistics for the top 10 regions, high-risk ports, session percentages, and source IP addresses for inbound traffic.
None
-
Internet exposure data
The Internet exposure statistics provide a quick overview of both normal and anomalous inbound traffic to your assets. You can use this data to conduct targeted investigations on the Exposure Details tab and promptly secure your inbound traffic.
-
Log on to the Cloud Firewall console. In the left-side navigation pane, choose .
-
In the upper-right corner of the Internet Exposure page, select a time range, and then review the information in the statistics area and on the Exposure Details tab.
The Cloud services tab provides a filter bar (for criteria such as public SLB, protocol, asset region, and public IP address) and a data table. The table columns include Type, Public IP address, Protocol/port, Health check status, Availability zone, Instance ID/name, and Access Control.
You can select a predefined time range from the drop-down list or specify a custom time range within the last 7 days.
Item
Description
Actions
Exposed Public IP
Shows the total number of open public IP addresses and the number of those with associated risks.
To analyze traffic to a public IP address and identify malicious traffic, click Visit Details in the Actions column. In the Exposed Public IP panel, view detailed information about traffic to that public IP address.
-
Configure an outbound access control policy to block outbound connections from the asset
Click Configure ACL to go to the Internet firewall page in Access Control. For more information, see Configure access control policies for the Internet firewall.
-
Add IP addresses to an address book for centralized management
Click the
icon and then click Add to Address Group to go to the Address Book management page. For more information, see Address Book. -
View detailed traffic logs to determine if the traffic is required for your business
Click the
icon and then click View Logs to go to the traffic logs tab in Log Audit. For more information, see Log Audit. -
View recommended smart policies to promptly protect at-risk assets
Click the
icon and then click Smart Policy to view the smart policies recommended by Cloud Firewall and the reasons for the recommendations.
Exposed Port
Shows the total number of open ports and the number of those with associated risks.
To analyze traffic to an open port and identify malicious traffic, click Visit Details in the Actions column. In the Exposed Port panel, view detailed information about traffic to that port.
Exposed Applications
Shows the total number of open applications and the number of those with associated risks.
To analyze traffic to an open application and identify malicious traffic, click Visit Details in the Actions column. In the Exposed Applications panel, view detailed information about traffic to that application.
Details
Displays traffic data for all assets.
To analyze traffic data for all asset types and identify malicious traffic, click Visit Details in the Actions column. In the Details panel, view detailed information about traffic to the target asset.
Cloud Services
Shows the number of public IP addresses for cloud services that are receiving inbound traffic.
None
-
Data export
On the Exposure Details tab, click the
icon in the upper-right corner of the list to download the data for open public IP addresses, open ports, open applications, asset details, and cloud services as a CSV file for local analysis.
Related topics
-
For information about the public traffic processing capabilities of Cloud Firewall, see subscription 2.0 and pay-as-you-go 2.0.
-
To view details about outbound traffic from your assets to the internet, see Outbound Connection.
-
What do I do if my service traffic exceeds the bandwidth supported by Cloud Firewall?
-
Troubleshooting guide for anomalous traffic at the internet border