Prolexic reports
Prolexic protects your applications, data, or infrastructure from Distributed Denial of Service(DDoS) attacks by providing a vast distribution of global scrubbing centers for attack detection and mitigation.
If you are using Prolexic, you can also generate reports on the routed activity, traffic flow, attacks, anomalies, and configuration events as well as trends observed over time.
You can access the reports from the Traffic Reports page under Common Services within the Control Center ☰ global menu. See How to use reports for more information.
Routed Trends reports
Routed Trends reports provide data on peak traffic trends, triggered events, and potential alerts. It collects telemetry and alerts on anomalies at various points in the traffic path. You can also view the attack vectors to understand the possible cause of an attack and its mitigation.
To access the Routed Trends report:
- Log in to the Control Center.
- Go to ☰ > Common Services > Traffic Reports.
- In the Reports menu, select Predefined reports > Prolexic > Routed Trends.
You will also be redirected to the above path from the existing Security Center dashboard to have a consistent global view of Routed Trends.
The Routed Trends reports consists of four distinct tabs:
Security Configurations
This tab provides traffic data by security configurations which contains all of the network setup and transport configurations for each unique customer data center asset. Each data center configuration is referred to as a policy domain. The policy domain represents all of the relevant details for each location’s setup.
It offers four distinct views — Pre-Mitigation Flow, Post-Mitigation Flow, Traffic to Origin, and FBM Flow (opt-in).
Data granularity
The aggregation interval for each data record is five minutes, one hour, and one day. Data retention is for the last 90 days.
Reports filters definitions
- Metric (required). Traffic units — Bits per second (BPS) or packets per second (PPS).
- Traffic to Origin (required). Clean, legitimate traffic that is routed back to the origin infrastructure.
- Security Configurations (required). The security configurations for each unique datacenter asset.
Graphic visualization and tables
- Pre-Mitigation Flow. Graph showing all inbound traffic — both legitimate and malicious, that enters the Akamai Prolexic platform from the internet via anycast, reaching the nearest scrubbing center.
- Post-Mitigation Flow. Graph showing traffic after initial mitigation has been applied. It includes both the filtered attack traffic and the remaining clean traffic as it transits within Akamai towards the origin.
- Traffic to Origin. Graph showing legitimate traffic that is routed back to the origin infrastructure. This traffic typically follows an asymmetric return path and is subject to origin-specific routing policies.
- FBM Flow (opt-in). Graph showing origin traffic levels via the FBM system, based on NetFlow data exported to Akamai's flow aggregation systems within the scrubbing centers.
- Events. A tabular view showing key routed events for the traffic. There are three event types:
- Attack alerts. These alerts get triggered when there is a DDoS attack.
- FBM alerts. These alerts get triggered when the FBM threshold is met or crossed.
- FBM configs. These alerts get triggered when there is a change in FBM configurations.
Akamai Scrubbing Centers
This tab provides data for the traffic flowing in and out of the Akamai scrubbing centers. It offers two distinct views — Pre-Mitigation Flow and Post-Mitigation Flow.
Data granularity
The aggregation interval for each data record is five minutes, one hour, and one day. Data retention is for the last 90 days.
Reports filters definitions
- Metric (required). Traffic units — Bits per second (BPS) or packets per second (PPS).
- Scrubbing Centers (required). Akamai global scrubbing centers located in the Americas, EMEA, and APJ.
- Security Configurations (required). The security configurations for each unique datacenter asset.
Graphic visualization and tables
- Pre-Mitigation Flow. Graph showing all inbound traffic — both legitimate and malicious, that enters the Akamai Prolexic platform from the internet via anycast, reaching the nearest scrubbing center.
- Post-Mitigation Flow. Graph showing traffic after initial mitigation has been applied. It includes both the filtered attack traffic and the remaining clean traffic as it transits within Akamai towards the origin.
Connection Types
This tab provides traffic data filtered by your Prolexic infrastructure connections like VLL circuits, GRE sessions, ADC tunnels, and protected IPs/subnets. It offers one distinct view — Traffic to Origin.
Data granularity
The aggregation interval for each data record is five minutes, one hour, and one day. Data retention is for the last 90 days.
Reports filters definitions
- Metric (required). Traffic units — Bits per second (BPS) or packets per second (PPS).
- Traffic to origin (required). Clean, legitimate traffic that is routed back to the origin infrastructure.
Select at least one of the following filters:
- Tunnels (optional). The source and destination IP pairs used to establish the Prolexic Routed 3.0 GRE connectivity.
- Prolexic over ADC Tunnels (optional). The source and destination IPs used to establish the Prolexic over ADC GRE connectivity.
- Circuits (optional). The physical Layer 1 ports or circuits in Prolexic Routed Connect. They provide peer-to-peer connectivity between the Akamai scrubbing centers and the origin.
- Protected IPs (optional). The virtual IPs (VIPs) assigned to the configuration to support origin in the Prolexic IP Protect.
Graphic visualization and tables
Traffic to Origin. Graph showing legitimate traffic that is routed back to the origin infrastructure. This traffic typically follows an asymmetric return path and is subject to origin-specific routing policies.
FBM (opt-in)
This tab provides traffic data based on the FBM (Flow Based Monitoring) inspection for any anomalies and security alerts. It offers three distinct views — FBM Protocol, FBM Router, and FBM CIDRs.
FBM is an add-on service. The FBM data will be available on this tab if you have opted for it.
Data granularity
The aggregation interval for each data record is five minutes, one hour, and one day. Data retention is for the last 90 days.
Reports filters definitions
- Metric (required). Traffic units — Bits per second (BPS) or packets per second (PPS).
Select at least one of the following filters:
- FBM Protocol (optional). The FBM Protocol used to categorize various types of network communication. The supported protocols are TCP, UDP, GRE, ICMP, 41, and ICMPv6.
- FBM Router (optional). The FBM Router serves as the originating source of NetFlow exports from your infrastructure, typically configured as “customer-premise equipment” (CPE).
- FBM CIDRs (optional). Also referred to as monitored objects. These are the IP spaces and/or IP hosts within your protected prefixes that can be used to build custom alerting thresholds or levels.
Graphic visualization and tables
- FBM Protocol. Graph showing traffic flowing to the monitored objects by protocol breakdown.
- FBM Router. Graph showing traffic monitored by NetFlow which the FBM router generates.
- FBM CIDRs. Graph showing traffic flowing to the networks monitored for anomaly alerting.
Updates to open API Configurations
Prolexic IP Protect customers will no longer be able to retrieve proxy metrics from the Get metrics type endpoint. Instead, they must use the new Reporting API endpoint to get these metrics. All other metric types will continue to work with the Get metrics type endpoint.
.
New API-driven benefits of the migration
With the new Reporting API endpoint, users can now query Pre-Mitigation, Post-Mitigation, Traffic to Origin, and FBM traffic in both bits-per-second (BPS) and packets-per-second (PPS), across multiple policy domains simultaneously. Previously only one policy domain could be queried at a time.
Additionally, users can perform more granular queries on specific connections, such as:
- Prolexic Routed tunnel by tunnel source and destination IP
- Specific Prolexic IP Protect connections by VIP
- VLL circuits by point-to-point subnets
The new reporting framework offers ready-to-use APIs for all visualizations. Any query functionality supported in the visualization UI is now equally supported through the APIs.
Additional benefits
- Standardized framework for enhanced customer experience. This transition allows us to adopt the standard Akamai framework to enable more flexible, faster, and easier ways of reporting data to customers. This includes simplified and improved visualization as well as the ability to easily filter relevant data.
- Flexibility to download reports and underlying data. Customers will now be able to download the underlying data of the various graphs and charts within a report type to a CSV file. This allows customers to analyse their Prolexic Routed data with additional flexibility to meet their business and security requirements.
- Improved and more granular queries using open APIs. As outlined in the section above, customers will be able to leverage the ready-to-use APIs of the new reporting framework to make more granular queries, and get improved visibility into their traffic. Additionally, the new reporting framework will allow additional improvements in future releases and showcase the value of Prolexic’s protection in front of customers.
- Setting up a schedule for reports. Customers can now set up automated scheduled delivery of Prolexic Routed reports to their email. They can set specific names for their scheduled reports, the recipient list, the format of the report (HTML or CSV), and the frequency of the reports:
- Real time
- Daily
- Weekly
- Monthly
Updated 3 days ago