topic Manage &quot;Suspicious IP-ET&quot; Continuous Events in ExtremeCloud IQ- Site Engine Management Center https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/manage-quot-suspicious-ip-et-quot-continuous-events/m-p/75724#M8559 Hi,<BR /> <BR /> This is linked in part to a previous post:<BR /> <BR /> <A href="https://extreme.connectedcommunity.org/communities/community-home/digestviewer/view-question?ContributedContentKey=8eea8e48-8ed0-412c-9de2-c77d9d0d3435&amp;CommunityKey=d4b57428-7c7e-4bce-886a-356352ffa2c0&amp;tab=digestviewer" target="_blank" rel="nofollow noreferrer noopener">https://community.extremenetworks.com/extrememanagement-230297/extremeanalytics-suspicious-ip-et-7823023</A><BR /> <BR /> At this time XMC is recording 728,320 alarms of this event, and the events log is getting continuously filed with the messages, all from different IP address.<BR /> <BR /> The XMC help, as does the link above mention an 'IP Reputation' dashboard which I am unable to find?<BR /> <BR /> There log looks like its coming from the fact that suspicious IP addresses are being seen, but without the a Dashboard or means of control that I can find the logs are getting swamped.<BR /> <BR /> Maybe its something that is coming in a future release, current version 8.2.4.42?<BR /> <BR /> Many thanks Tue, 09 Apr 2019 19:32:17 GMT Anonymous 2019-04-09T19:32:17Z Manage "Suspicious IP-ET" Continuous Events https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/manage-quot-suspicious-ip-et-quot-continuous-events/m-p/75724#M8559 Hi,<BR /> <BR /> This is linked in part to a previous post:<BR /> <BR /> <A href="https://extreme.connectedcommunity.org/communities/community-home/digestviewer/view-question?ContributedContentKey=8eea8e48-8ed0-412c-9de2-c77d9d0d3435&amp;CommunityKey=d4b57428-7c7e-4bce-886a-356352ffa2c0&amp;tab=digestviewer" target="_blank" rel="nofollow noreferrer noopener">https://community.extremenetworks.com/extrememanagement-230297/extremeanalytics-suspicious-ip-et-7823023</A><BR /> <BR /> At this time XMC is recording 728,320 alarms of this event, and the events log is getting continuously filed with the messages, all from different IP address.<BR /> <BR /> The XMC help, as does the link above mention an 'IP Reputation' dashboard which I am unable to find?<BR /> <BR /> There log looks like its coming from the fact that suspicious IP addresses are being seen, but without the a Dashboard or means of control that I can find the logs are getting swamped.<BR /> <BR /> Maybe its something that is coming in a future release, current version 8.2.4.42?<BR /> <BR /> Many thanks Tue, 09 Apr 2019 19:32:17 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/manage-quot-suspicious-ip-et-quot-continuous-events/m-p/75724#M8559 Anonymous 2019-04-09T19:32:17Z Re: Manage "Suspicious IP-ET" Continuous Events https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/manage-quot-suspicious-ip-et-quot-continuous-events/m-p/75725#M8560 I've created this dashboard through the report designer, which I believe gives me the detail in what the Suspicious IP-ET events are:<BR /> <BR /> <P class="fancybox-image"><span class="lia-inline-image-display-wrapper" image-alt="a284f86a64764831b6d889299bdc22dd_fc3de870-eafa-4f63-a1f9-0f165dbf73a9.png"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/1942i5B710126FB0DBBCA/image-size/large?v=v2&amp;px=999" role="button" title="a284f86a64764831b6d889299bdc22dd_fc3de870-eafa-4f63-a1f9-0f165dbf73a9.png" alt="a284f86a64764831b6d889299bdc22dd_fc3de870-eafa-4f63-a1f9-0f165dbf73a9.png" /></span></P><BR /> Pre-built one:<BR /> <BR /> <P class="fancybox-image"><span class="lia-inline-image-display-wrapper" image-alt="a284f86a64764831b6d889299bdc22dd_bfe84378-8b69-4700-9926-069aaf9028d4.png"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/3016iB0A43F6936582C71/image-size/large?v=v2&amp;px=999" role="button" title="a284f86a64764831b6d889299bdc22dd_bfe84378-8b69-4700-9926-069aaf9028d4.png" alt="a284f86a64764831b6d889299bdc22dd_bfe84378-8b69-4700-9926-069aaf9028d4.png" /></span></P><BR /> <BR /> Looks like the IP addresses are clickable but nothing happens. Be good for example that I could create a policy to straight off clicking, say, the high risk endpoints. Tue, 09 Apr 2019 20:33:23 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/manage-quot-suspicious-ip-et-quot-continuous-events/m-p/75725#M8560 Anonymous 2019-04-09T20:33:23Z