ThreatX UI

The ThreatX user interface is a Software-as-a-Service (SaaS) application that presents the data the platform collects in various pages and tables. The ThreatX navigation bar has a Settings menu, from which you can accomplish various administrative tasks.

Access the ThreatX user interface at: https://x.threatx.io

After you connect hostnames to ThreatX, real-time attack information is displayed in the Attack Dashboard and API Defender in the ThreatX platform.

Use the latest available sensor version to see all information populated on the ThreatX platform.

UI Components

Threat Response Platform

Sends metrics and analytical data, and sends notifications by email or webhooks. You can respond manually using the allow, deny, and block lists.

Dashboard and Reporting

The ThreatX platform provides data in various forms including scorecards. You can drill down from a threat view to the individual endpoint.

Dashboard

🔧 Common Dashboard Tasks
  • Monitor changes.

  • Review details about a specific threat.

  • Determine if traffic from an origin is to be allowed or blocked.

  • Identify unexpected usage patterns.

🎛️ Data controls and filters

Pages

The ThreatX dashboard pages offer the following controls and filters that you can use to focus on specific data.

Figure 1. Dashboard page filters

Site group

If your ThreatX platform organizes sites into groups, you can choose which group to view. You can view one site group or all site groups.

Sites

You can display the data for one or all sites.

Tenant

If your ThreatX platform has many tenants and your account has permission, you can choose which tenant to view. You can view only one tenant at a time.

Live

Refreshes the data.

Time range

Choose the time frame to view the data. You can choose a relative time frame, such as the last 12 hours, or an absolute time frame. The time range you select for each page affects the data shown on that page.


Tables

Some data in the various tables include a percentage with an arrow. The value indicates a change in the data relative to the baseline reporting period, which is 7 days before the selected time range.

For example, when you select a 12-hour time range, the baseline period is the same 12-hour period from 7 days earlier. The arrow indicates an increase or decrease in value. The following figure shows an increase in the number of Match Events of 30%.

Figure 2. Match event increase of 30%


Searching
  • You can click the search icon 🔎 in each column header to filter the table.

  • The search icon 🔎 for some rows will also display a count of each type of entry (e.g., the Domain row would show every type of domain and the number of each).

Glossary

API profile

Type of API such as JSON, XML, and URL-encoded.

API traffic

Traffic that includes HTTP messages containing programmatic content sent between the site and client applications.

Endpoint

URL pattern representing a group of resources within a site. A site can have multiple endpoints.

Entity

A specific IP address or IP group. A suspicious entity is a threat.

iWAF

Intelligent web application firewall. The next generation of the Web Application Firewall. See WAF.

Non-API site

Site not served by an API server. Typically, a non-API site has web assets which are used for human interaction.

Rule

Set of Boolean conditions that, when True, implement the rule’s defined action and risk level. A True state is also known as a match.

Sensor

See WAF Sensor.

Site

Web property serving API responses intended for consumption by an application. Also called an API site.

Tenant

Container for an organizational unit such as a department or company. The ThreatX platform supports multiple tenants.

Threat

Representation of an individual API client or a network of clients that has engaged in an activity that matches one or more rules and is therefore identified as suspicious or questionable. An identified threat is not necessarily malicious.

WAF

Web Application Firewall. Type of application firewall that applies specifically to web applications. It is deployed in front of web applications, analyzes bi-directional web-based (HTTP) traffic, and detects and blocks anything malicious.

WAF Sensor

A reverse proxy-based web application firewall. Sensors monitor all the HTTP(S) traffic flows for malicious and legitimate activity. The sensor is decoupled from the analytics platform, so it can be run anywhere in the world and is used by customers with high bandwidth requirements.