🗃️ Anomaly detection
📄️ Trace and block suspicious IPs
Add threat intelligence feeds to trace network flows of suspicious IP addresses, and optionally block traffic to them.
📄️ Trace and alert on suspicious domains
Add threat intelligence feeds to trace DNS queries that involve suspicious domains.
📄️ Trace and block suspicious external IP addresses
Use flow logs to trace external IP addresses that access clusters.
📄️ Anonymization attacks
Detect and analyze malicious anonymization activity using Tor-VPN feeds.
📄️ Deep packet inspection
Monitor live traffic for malicious activities.
📄️ Workload-based Web Application Firewall (WAF)
Configure Calico to use with Layer 7 Web Application Firewall.