This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Manage "Suspicious IP-ET" Continuous Events

Manage "Suspicious IP-ET" Continuous Events

Anonymous
Not applicable

‎04-09-2019 12:32 PM

Hi,

This is linked in part to a previous post:

https://community.extremenetworks.com/extrememanagement-230297/extremeanalytics-suspicious-ip-et-782...

At this time XMC is recording 728,320 alarms of this event, and the events log is getting continuously filed with the messages, all from different IP address.

The XMC help, as does the link above mention an 'IP Reputation' dashboard which I am unable to find?

There log looks like its coming from the fact that suspicious IP addresses are being seen, but without the a Dashboard or means of control that I can find the logs are getting swamped.

Maybe its something that is coming in a future release, current version 8.2.4.42?

Many thanks
0 Kudos
1 REPLY 1

Anonymous
Not applicable

‎04-09-2019 01:33 PM

I've created this dashboard through the report designer, which I believe gives me the detail in what the Suspicious IP-ET events are:

a284f86a64764831b6d889299bdc22dd_fc3de870-eafa-4f63-a1f9-0f165dbf73a9.png


Pre-built one:

a284f86a64764831b6d889299bdc22dd_bfe84378-8b69-4700-9926-069aaf9028d4.png



Looks like the IP addresses are clickable but nothing happens. Be good for example that I could create a policy to straight off clicking, say, the high risk endpoints.
0 Kudos
GTM-P2G8KFN