Threat defense

Use real-time monitoring to detect and block threats to your cluster.

Security event management

Triage and manage security events from your Calico Enterprise cluster in the Security Events Dashboard, with filtering, exceptions, and recommended remediation.

Trace and alert on suspicious domains

Add threat intelligence feeds to Calico Enterprise to detect DNS queries to suspicious domains and surface impacted pods in the anomaly dashboard.

Trace and block suspicious IPs

Add threat intelligence feeds to Calico Enterprise to alert on flows to suspicious IP addresses and optionally block them with a dynamic deny-list policy.

Workload-based Web Application Firewall (WAF)

Protect cluster workloads from Layer 7 attacks with the Calico Enterprise workload-based WAF, powered by Envoy sidecars and the OWASP ModSecurity Core Rule Set.

Webhooks for security events

Configure Calico Enterprise webhooks to post security event alerts to Slack, Jira, Alertmanager, or generic JSON endpoints from your self-hosted cluster.

Deep packet inspection

Run deep packet inspection on selected workloads in your Calico Enterprise cluster with Snort community rules to alert on suspected malicious traffic.

Anonymization attacks

Detect anonymization activity in your Calico Enterprise cluster with Tor bulk exit and X4B VPN feeds, and investigate findings in the Tor-VPN Kibana dashboard.