SonicOS 8 Rules and Policies for Classic Mode
Table of Contents
Viewing IoC IP Address Statistics
Basic statistics for IoC IP Address files loaded on the firewall are available in the Diagnostics tab.
-
Navigate to Policy > Indicator of Compromise > IP Addresses.
-
Click on Diagnostics tab.
The Diagnostics tab has three sections
IoC IP Addresses Statistics
| No of Entries |
Shows the total number of IoC IP address updates ingested into the database, not the number of unique IP addresses. If an IoC IP address file contains a single IP address and the Threat Intelligence (TI) provider updates that file multiple times, each update is counted as a separate entry. As a result, the Number of Entries increases with every update, even though the file still contains only one IP address. Therefore, the Number of Entries is typically higher than the actual number of unique IP addresses across all IoC IP Address Files. |
| No of Times Called | Shows how many times the IoC lookup engine has been called to check traffic against IoC IP addresses. |
| No of Times Not Looked‑up | Shows how many times traffic was not checked against IoC IP addresses (For example, if IoC blocking is disabled or the traffic does not match conditions for lookup). |
| No of Times Resolved | Shows how many times an IoC lookup resulted in a match and the IP was successfully resolved as an IoC IP address. |
Lookup IoC IP Addresses
Use Lookup IoC Address IP to check if the entered IP address is found in any of the IoC IP Address Files downloaded to the firewall.
Result
If the IP address entered in Lookup IoC Address IP matches an entry, the corresponding details are displayed in the Result section.
