The Threat Map module has the purpose of displaying the map of attacks worldwide (type WORLD), or attacks carried out on the local infrastructure (type LOCAL). As a detail view the types of attacks most frequent and the countries that send the most attacks.
The module allows you to apply a block on the perimeter Firewall or BlakcHole router on Border routers, for the geolocation of the attack.
Furthermore, through the TIG investigation, it can implement customized protection for its infrastructure
THREAT MAP GEOLOCALIZED
The module displays the data of the attackers, geolocating them on the map.
The log inputs from the customer’s PS-IDS -SIEM FW further feed the data displayed in the map.
In addition, our TIG (Tecninf Intelligence Group) collects data worldwide, and further integrates the information contained in the map.
WORLD ATTACK VIEWS ( WORLD)
The module reads a file in .csv format (attacksList.csv) which is updated at regular intervals. For each record contained in the attacks file, the map also displays an arc connecting the two geographic coordinates.
LOCAL ATTACK VIEWS ( LOCAL )
By activating this mode, the Threat Map displays the attacks carried out on the local infrastructure.
Data containing the IP addresses that generated the attacks, are sent to u n TCP and UDP type servers, which for this reason, allows the acquisition of attacks brought to your in framework .