ThreatX UI

The ThreatX user interface is a Software-as-a-Service (SaaS) application that presents the data the platform collects into various pages and tables. The ThreatX navigation bar has a Settings menu, from which you can accomplish various administative tasks.

Access the ThreatX user interface at: https://x.threatx.io

After connecting hostnames to ThreatX, real-time attack information will be displayed via the Attack Dashboard and API Defender in the ThreatX platform.

Use the latest available sensor version to see all information populated on the ThreatX platform.

UI Components

Threat Response Platform: Sends metrics and analytical data and sends notifications using email or webhooks. You can respond manually using the allow, deny, and block lists.
Dashboard and Reporting: The ThreatX platform provides data in various forms including scorecards. You can drill down from a threat view to the individual endpoint.

Dashboard

🔧 Common Dashboard Tasks

Monitor changes.
Review details about a specific threat.
Determine if traffic from an origin is to be allowed or blocked.
Identify unexpected usage patterns.

🎛️ Data controls and filters

Pages

The ThreatX dashboard pages offer the following controls and filters that you can use to focus on specific data.

Figure 1. Dashboard page filters

Site group	If your ThreatX platform organizes sites into groups, you can choose which group to view. You can view one site group or all site groups.
Sites	You can display the data for one or all sites.
Tenant	If your ThreatX platform has many tenants and your account has permission, you can choose which tenant to view. You can view one tenant only at a time.
Live	Refreshes the data.
Time range	Choose the time frame to view the data. You can choose a relative time frame, such as the last 12 hours, or an absolute time frame. The time range you select for each page affects the data shown on that page.

Tables

Figure 2. Match event increase of 30%

Some data in the various tables include a percentage with an arrow. The value indicates a change in the data relative to the baseline reporting period, which is 7 days before the selected time range.

For example, when you select a 12-hour time range, the baseline period is the same 12-hour period from 7 days previous. The arrow indicates an increase or decrease in value. The following figure shows an increase in the number of Match Events of 30%.

Searching

You can click the search icon 🔎 in each column header to filter the table.
The search icon 🔎 for some rows will also display a count of each type of entry (e.g., the Domain row would show every type of domain and the number of each).

Glossary

API profile: Type of API such as JSON, XML, and URL-encoded.
API traffic: Traffic that includes HTTP messages containing programmatic content sent between the site and client applications.
Endpoint: URL pattern representing a group of resources within a site. A site can have multiple endpoints.
Entity: A specific IP address or IP group. A suspicious entity is a threat.
iWAF: Intelligent web application firewall. The next generation of the Web Application Firewall. See WAF.
Non-API site: Site not served by an API server. Typically, a non-API site has web assets which are used for human interaction.
Rule: Set of Boolean conditions that, when True, implement the rule’s defined action and risk level. A True state is also known as a match.
Sensor: See WAF sensor.
Site: Web property serving API responses intended for consumption by an application. Also called an API site.
Tenant: Container for an organizational unit such as a department or company. The ThreatX platform supports multiple tenants.
Threat: Representation of individual API clients or network of clients that have engaged in an activity that matches one or more rules and is therefore identified as suspicious or questionable. An identified threat is not necessarily malicious.
WAF: Web Application Firewall. Type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic and detects and blocks anything malicious.
WAF Sensor: A reverse proxy-based web application firewall. Sensors monitor all the HTTP(S) traffic flows for malicious and legitimate activity. The sensor is decoupled from the analytics platform, so it can be run anywhere in the world and is used by customers with high bandwidth requirements.