Skip to main content
All CollectionsProduct InfoSecurity
External Traffic Detection
External Traffic Detection
Alex Patnick avatar
Written by Alex Patnick
Updated over 2 months ago

This feature enables the detection, analysis, and alert generation for external traffic (North-South). This can significantly improve your overall security posture. Faddom can give you a view of all servers with external connectivity (whether incoming or outgoing), along with the ability to set up blacklisted countries to be alerted on.

For this feature to work, you need to first enable external traffic for the relevant subnet(s) by following our guide How to Enable Data Collection for External Sources.

Setting Up Blacklisted Countries

  1. To set up the blacklist of countries you wish to see, you go to Settings > External Traffic

  2. You can select the countries by searching or scrolling and selecting the tick box. You can also collapse the continent grouping. As you select them they appear at the top and you can remove the country by clicking the X

  3. Click Save

external traffic.gif

Updating the Public IPs

Faddom maintains a database to map public IP addresses to their respective countries. You can update this database under Settings -> External Traffic. There are options to update this database online or offline depending on whether you have internet access.
โ€‹

External Traffic Dashboard

On the main dashboard of Faddom, it will show you how many servers you are receiving external traffic for. The number is clickable and will take you to the External Traffic dashboard. You can also access it by selecting Secure > External Traffic. In this screen, you will see the servers listed along with the ports and countries of each connection.

If the blacklist has been set up, any countries that have been added to the blacklist will appear at the top with a pink background.

You can also see the results of what Faddom is found by navigating to the Security tab from the Server Properties

  1. Click on a server from a map, search, or click on the properties icon - from any list view

  2. In the properties panel, click Security in the bottom right

  3. This will take you to the Server Security Dashboard where you can see all the security information on a server including any external traffic.

Related Articles
Release Notes Highlights - v2023.4
FAQ
Release Notes Highlights - v2023.5
Log4J Vulenrability Detection Case Study
How to Detect Unauthorized Software
Did this answer your question?