Geographic Map
Overview
The geographic map is an interactive SVG visualization displayed on the monitoring dashboard that indicates the geographic origins of traffic to Horizon circuits worldwide. Every request that passes through a Horizon circuit is geolocated to a country based on its source IP address, and the map aggregates this data over the last 24 hours to produce a visual representation of the traffic's geographic distribution. The map provides an intuitive, visual method for identifying patterns that would be difficult to detect by reviewing individual log entries - at a glance, it reveals whether traffic is concentrated in expected regions or whether unexpected sources warrant investigation.
Map Features
The world map uses a color gradient to indicate traffic volume by country. Countries with no traffic in the last 24 hours are displayed in a neutral light gray. As the number of requests from a country increases, the color transitions from light blue to progressively darker shades of blue, with the highest-traffic countries displayed in a deep, saturated blue. This gradient makes it immediately apparent which countries are generating the most traffic. Hover tooltips appear when the cursor is positioned over any country on the map, displaying the country's name and the exact number of requests received from that country in the last 24 hours. Adjacent to the map, a top-countries bar chart lists the countries with the highest request counts in descending order, providing a quick ranked summary of the top traffic sources. The bar chart and the map complement each other: the map provides geographic context, while the bar chart provides precise numbers.
Use Cases
The geographic map is valuable for several monitoring and security tasks. It can be used to identify unexpected traffic sources - if a service is intended only for users in North America and Europe, but the map displays significant traffic from countries where no operations exist, this may indicate automated scanning, unauthorized access attempts, or misconfigured access rules. It can be used to verify that traffic matches expected patterns - if the primary user base is in Australia, Germany, and the United States, the map should reflect this, with those countries displayed in the darkest colors. It can be used to inform country blocking decisions - if a large volume of blocked or suspicious requests originates from a specific country with no legitimate users, adding a country block for that geography reduces noise in the logs and load on the infrastructure. It can also be used to detect geographic shifts in attack patterns - a sudden spike in traffic from a previously quiet country may indicate a newly launched attack campaign that warrants investigation.
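The unexpected-source and geographic-shift checks described above can also be run over exported request data. The following is an added example, not Horizon's code or API. It assumes requests are already geolocated into (timestamp, country code) pairs; the sample data, the thresholds, and the placeholder country code ZZ are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=24)  # same aggregation period as the map

def count_by_country(records, end, window=WINDOW):
    """Requests per country with end - window < timestamp <= end."""
    start = end - window
    return Counter(cc for ts, cc in records if start < ts <= end)

def unexpected_sources(counts, expected, min_requests=10):
    """Countries outside the expected set, above an assumed noise floor."""
    return sorted(cc for cc, n in counts.items()
                  if cc not in expected and n >= min_requests)

def geographic_shifts(current, previous, factor=5, min_requests=20):
    """Countries whose volume grew at least `factor`-fold window over window.
    A previously quiet country (no requests) gets a baseline of 1."""
    return sorted(cc for cc, n in current.items()
                  if n >= min_requests
                  and n >= factor * max(previous.get(cc, 0), 1))

# Constructed sample data: (timestamp, ISO 3166 country code) pairs.
# "ZZ" is a user-assigned placeholder code, not a real country.
NOW = datetime(2024, 1, 3, 0, 0, tzinfo=timezone.utc)

def burst(cc, n, hours_ago):
    """n requests from cc, one per second, ending hours_ago before NOW."""
    return [(NOW - timedelta(hours=hours_ago, seconds=i), cc) for i in range(n)]

SAMPLE = (
    burst("US", 120, 30) + burst("DE", 60, 30) + burst("AU", 40, 30)  # previous 24 h
    + burst("BR", 2, 30)
    + burst("US", 130, 5) + burst("DE", 55, 5) + burst("AU", 45, 5)   # last 24 h
    + burst("BR", 3, 5) + burst("ZZ", 80, 2)
)
EXPECTED = {"US", "DE", "AU"}  # assumed primary user base

def report(records=SAMPLE, now=NOW, expected=EXPECTED):
    current = count_by_country(records, now)
    previous = count_by_country(records, now - WINDOW)
    return {
        "top": current.most_common(3),            # bar-chart style ranking
        "unexpected": unexpected_sources(current, expected),
        "shifts": geographic_shifts(current, previous),
    }

if __name__ == "__main__":
    print(report())
```

The noise floor keeps low-volume countries such as BR in the sample out of the alerts, while ZZ is flagged both as an unexpected source and as a shift from a previously quiet baseline.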
