|
| 1 | +--- |
| 2 | +id: remediation_metrics |
| 3 | +title: Remediation Metrics |
| 4 | +--- |
| 5 | + |
| 6 | +:::info |
| 7 | +For your Security Engine to collect and send metrics, make sure you’re using CrowdSec v1.6.3 or higher. |
| 8 | +**Note:** Not all Remediation Components report metrics to the CrowdSec Console. For details, refer to the [official documentation](https://docs.crowdsec.net/u/bouncers/intro). |
| 9 | +::: |
| 10 | + |
| 11 | +## Introduction |
| 12 | + |
| 13 | +The **Remediation Metrics** page offers a clear and comprehensive view of the malicious activity that CrowdSec has detected and remediated on your infrastructure. |
| 14 | +It provides key insights into: |
| 15 | +- The number and types of attacks |
| 16 | +- The impact of remediation measures |
| 17 | +- The estimated resources saved by stopping these threats |
| 18 | +- The blocklist that contribute to remediate malicious traffic |
| 19 | + |
| 20 | +The page is divided into three main sections: |
| 21 | +- **Malicious Intents** – A breakdown of attack types associated over time and the total number of attacks prevented. |
| 22 | +- **Malicious Traffic Dropped/Discarded** – Raw and estimated data showing how much malicious traffic has been dropped by your remediation components. |
| 23 | +- **Projected Resources Saved** – An estimate of the resources preserved thanks to traffic being dropped (e.g., storage, bandwidth, log volume). |
| 24 | + |
| 25 | +--- |
| 26 | + |
| 27 | +## Malicious Intents |
| 28 | + |
| 29 | +At the top of the page, you'll see the **Total Prevented Attacks** for the selected time period. This gives you an immediate overview of how many threats CrowdSec has detected and remediated. |
| 30 | + |
| 31 | + |
| 32 | + |
| 33 | +The **Malicious Intents** section provides a detailed breakdown of the types of attacks that were prevented. These are based on the behavior and typology of IPs remediated by your remediation components, including blocklists and security engines. |
| 34 | + |
| 35 | + |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | + |
| 40 | +## Malicious Traffic Discarded |
| 41 | + |
| 42 | +This section highlights the amount of malicious traffic that has been remediate by your bouncers. It includes both raw and estimated data on discarded requests, packets, and bytes. |
| 43 | + |
| 44 | +- **Raw data** represents actual traffic dropped by your remediation components (bouncers), powered by blocklists and security engines. |
| 45 | +- **Estimated data** is calculated by applying a coefficient to the raw metrics to provide a projected view of saved resources. |
| 46 | + |
| 47 | + |
| 48 | + |
| 49 | +Below the graph, you’ll find a **blocklist breakdown**, ordered by the amount of traffic each list helped block. |
| 50 | +To enhance your protection and block even more threats, explore the full set of [CrowdSec Blocklists](https://app.crowdsec.net/blocklists/search). |
| 51 | + |
| 52 | +--- |
| 53 | + |
| 54 | +## Projected Resources Saved |
| 55 | + |
| 56 | +CrowdSec not only protects you from attacks but also helps you optimize your infrastructure by reducing resource usage. |
| 57 | + |
| 58 | +This section estimates the **resources saved** as a result of blocking malicious traffic, including: |
| 59 | + |
| 60 | +- **Outgoing Traffic** – Bandwidth saved by stopping outgoing traffic, also known as egress traffic, from malicious sources. |
| 61 | +- **Log Lines** – Fewer events logged means reduced storage and processing. |
| 62 | +- **Storage Space** – Space saved by avoiding unnecessary log generation. |
| 63 | + |
| 64 | + |
| 65 | + |
| 66 | +Just like the **Malicious Traffic Discarded** section, this view includes a blocklist breakdown showing which lists contributed most to resource savings. |
| 67 | +To block more threats and save even more resources, consider using additional [CrowdSec Blocklists](https://app.crowdsec.net/blocklists/search). |
0 commit comments