Search Traffic

This topic describes the steps for searching the Illumio CloudSecure traffic feature, found in the Cloud > Explore menu, and provides a general example of how you would use it. For an overview of the Traffic page, including Risk Report generation, see Traffic. For instructions on how to use the search function in the Traffic page, see the in-application pop-ups in the CloudSecure GUI.

Supported Resource Types

See Traffic Supported Resources. For a list of resources against which you can write policy, see Resources that Support Policy.

Searching Traffic Guidelines

Using the Filter

The following are guidelines for using the Filter, which is also available on the Applications page Traffic tab:

  • You can use operators such as != and =, but note that ! does not work with labels.
  • If you want to switch the automatically inserted joiners from OR to AND, or the reverse, select Match All Conditions (AND) or Match Any Conditions (OR) as appropriate. You can add additional search terms without having to delete existing terms.
  • You can filter by:
    • Source/Destination (this menu can change depending on Category selection)
    • Category (these include Cloud, Account, Region, Label, Flow Status, IP Address, Port, Subnet, VPC, Known Network, and Resource Type)
    • Operator (this menu can change depending on Category selection)
    • Value (these include label name, port, and IP address). Note that if you type an IP address, the numerals appear in the search bar before they appear in the value field in the search menu.
  • When filtering by IP addresses, you can use CIDR blocks to include a range of IP addresses. For example, adding "/16" to an IP address will search for flows with IP addresses starting with the same first 16 bits as the specified IP address, such as 10.104.XXX.XXX. Similarly, adding "/24" or "/30" will search for flows with IP addresses starting with the same first 24 or 30 bits as the specified IP address, respectively. Note that the number after the slash specifies the prefix length.
  • When filtering by Known Networks, the Inventory page Known Networks tab provides the values that populate your filter. See Inventory.
  • Click the Refresh button to refresh the traffic data without having to hard refresh the browser tab or modify the search to clear stale traffic data. For example, if you wanted to run the same filter query in the evening that you ran that morning, it is probably best to refresh the data, as additional traffic may have occurred since you last ran the filter query.
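
To preview which flows a CIDR value and the AND/OR joiners would select, the following added example (not Illumio code and not how CloudSecure implements the filter) models the prefix matching and the Match All / Match Any behavior described above. The flow records, field names, and function names are constructed for illustration, and it assumes host bits after the prefix are ignored.

```python
import ipaddress

# Constructed sample flows (not real traffic); field names are assumptions.
FLOWS = [
    {"src": "10.104.3.17",  "dst": "10.104.200.5", "port": 443},
    {"src": "10.104.3.40",  "dst": "10.105.0.9",   "port": 22},
    {"src": "10.104.77.2",  "dst": "10.104.3.16",  "port": 443},
    {"src": "192.168.1.10", "dst": "10.104.3.19",  "port": 3389},
]

def in_cidr(addr, cidr):
    """True if addr shares the first <prefix length> bits with the CIDR's address."""
    # strict=False masks off host bits, so "10.104.3.17/16" means 10.104.0.0/16.
    net = ipaddress.ip_network(cidr, strict=False)
    return ipaddress.ip_address(addr) in net

def match(flow, conditions, match_all=True):
    """conditions: list of (field, op, value) where op is '=' or '!='.
    match_all=True models Match All Conditions (AND), False models Match Any (OR)."""
    results = []
    for field, op, value in conditions:
        if field in ("src", "dst"):
            hit = in_cidr(flow[field], value)
        else:
            hit = flow[field] == value
        results.append(hit if op == "=" else not hit)
    return all(results) if match_all else any(results)

def search(conditions, match_all=True):
    return [f for f in FLOWS if match(f, conditions, match_all)]

def sources(cidr):
    """Source addresses of the sample flows that fall inside the CIDR block."""
    return [f["src"] for f in FLOWS if in_cidr(f["src"], cidr)]

if __name__ == "__main__":
    # The same address with a longer prefix selects a narrower range.
    for cidr in ("10.104.3.17/16", "10.104.3.17/24", "10.104.3.17/30"):
        print(cidr, "->", sources(cidr))
    # Flows that start inside 10.104.0.0/16 and end outside it.
    conds = [("src", "=", "10.104.0.0/16"), ("dst", "!=", "10.104.0.0/16")]
    print("AND:", search(conds, match_all=True))
    print("OR: ", search(conds, match_all=False))
```

With AND, the two conditions isolate traffic leaving the 10.104.0.0/16 range; switching the same conditions to OR widens the result to every flow that satisfies either one.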