View Advanced IP Defense Dashboard

Use the Advanced IP Defense dashboard in Strata Cloud Manager to visualize IP attribution trends, direct-to-IP connections, and policy actions.
Where Can I Use This?
  • Strata Cloud Manager
What Do I Need?
  • Advanced IP Defense license
  • Strata Logging Service forwarding configured
The Advanced IP Defense dashboard in Strata Cloud Manager provides a centralized view of IP-based threat activity across your deployment. The dashboard is located under Insights > Security and displays interactive widgets that allow you to identify trends, investigate specific connections, and assess the effectiveness of your Advanced IP Defense policy rules. Each widget provides drill-down capability so you can pivot from a high-level overview to specific threat sessions.
The dashboard draws data from threat logs generated by Advanced IP Defense policy rule matches. For firewalls running PAN-OS 12.2 and later, the logs include full attribute-level detail including categories, subcategories, and policy actions. For firewalls running PAN-OS 12.1.x and 11.2.x, the dashboard captures EDL hits from the predefined Advanced IP Defense External Dynamic Lists, providing visibility into blocked threats even on platforms that don't support profile-based controls.
The following dashboard widgets are available.
  • AIPD Cloud Traffic: Displays the volume of traffic processed by the Advanced IP Defense cloud service over the selected time range. Use this widget to verify that your firewalls are actively communicating with the cloud service and to identify any unexpected drops in lookup volume that may indicate connectivity issues.
  • Top Direct-to-IP Connections: Shows the top 5 direct-to-IP connections detected in your environment. These are connections made to IP addresses without a prior DNS resolution, which can indicate malware communicating with hardcoded command-and-control servers or data exfiltration through direct IP connections.
  • Traffic by Category and Subcategory: Breaks down Advanced IP Defense traffic by attribute category (such as Anonymizers & Proxies, Malware & C2, Netblock Owner) and subcategory (such as Tor Exit Node, Open Proxy, Malware C2). Use this widget to understand the composition of IP-based threats in your environment and identify which threat categories are most prevalent.
  • Policy Actions by Category: Visualizes the distribution of policy actions (Block, Allow, Alert) taken across attribute categories and subcategories. This widget provides a flow diagram similar to the DNS Security category distribution view, allowing you to see how your policy rules handle different types of IP-based threats and identify categories where you may want to adjust your enforcement actions.
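The direct-to-IP idea behind the Top Direct-to-IP Connections widget (a connection with no prior DNS resolution) can be reproduced offline over your own DNS and session logs. The sketch below is an added example, not Palo Alto Networks code and not a description of how the product computes the widget. The record layout, the `direct_to_ip` function, the 10.0.0.0/8 internal range, and the one-hour lookback window are assumptions, and all sample records are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal range, excluded from results

# Constructed DNS answers (not product log output): (time, client, answer IP)
DNS_ANSWERS = [
    ("2025-01-10T09:00:00", "10.0.0.5", "192.0.2.34"),
    ("2025-01-10T09:05:00", "10.0.0.7", "198.51.100.20"),
    ("2025-01-10T11:30:00", "10.0.0.5", "203.0.113.9"),
]
# Constructed sessions: (time, client, destination IP)
SESSIONS = [
    ("2025-01-10T09:00:02", "10.0.0.5", "192.0.2.34"),     # resolved 2 s earlier
    ("2025-01-10T09:01:00", "10.0.0.5", "203.0.113.9"),    # answer only arrives later
    ("2025-01-10T09:02:00", "10.0.0.5", "203.0.113.9"),
    ("2025-01-10T09:06:00", "10.0.0.5", "198.51.100.20"),  # resolved by another client
    ("2025-01-10T09:07:00", "10.0.0.7", "198.51.100.20"),  # resolved 2 min earlier
    ("2025-01-10T09:08:00", "10.0.0.7", "10.0.0.53"),      # internal, skipped
    ("2025-01-10T12:45:00", "10.0.0.5", "203.0.113.9"),    # answer older than window
]


def direct_to_ip(dns_answers, sessions, window=timedelta(hours=1), top=5):
    """Rank (client, destination) pairs reached with no DNS answer for that IP
    delivered to the same client within `window` before the session."""
    resolved = {}  # (client, ip) -> list of answer times
    for ts, client, ip in dns_answers:
        resolved.setdefault((client, ip), []).append(datetime.fromisoformat(ts))
    hits = Counter()
    for ts, client, dst in sessions:
        if ip_address(dst) in INTERNAL:
            continue
        when = datetime.fromisoformat(ts)
        answers = resolved.get((client, dst), [])
        # A session is "direct" unless an answer precedes it by at most `window`.
        if not any(timedelta(0) <= when - a <= window for a in answers):
            hits[(client, dst)] += 1
    return hits.most_common(top)


if __name__ == "__main__":
    for (client, dst), count in direct_to_ip(DNS_ANSWERS, SESSIONS):
        print(f"{client} -> {dst}: {count} session(s) without prior resolution")
```

Matching on the (client, IP) pair rather than the IP alone keeps one host's lookup from masking another host's hardcoded connection; the window stands in for resolver cache lifetime and should be tuned to the TTLs seen in your environment.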
You can also monitor Advanced IP Defense from the Command Center, which includes Advanced IP Defense in the Threats page alongside other cloud-delivered security services. The Command Center Summary page displays the total Advanced IP Defense threat count and best practice assessment status, giving you an at-a-glance view of your IP-based threat posture.