Echelon Use Cases

Find out if a host is targeting your organisation

In the search bar above, enter an IP address to query the Echelon database. Try 203.167.203.212 for example. This will take you to the details page for this IP address.

If the host is classified as Malicious, it has been observed by our sensors attempting to scan or exploit multiple destination organisations.

Block malicious IPs from your organisation's network

Search for a tag using tag:<tag_name>. Try tag:Telnet Bruteforcer for example.

You can access a dynamic blocklist using the tag's normalised name (e.g. "SSH Bruteforcer" becomes "ssh-bruteforcer"). Query for the normalised tag name in /api/tag/block/[tag-name] e.g. /api/tag/block/ssh-bruteforcer

This URL can be used in your firewall as a dynamic block list / external dynamic list. See the following links for configuring Palo Alto NGFWs and Fortigate Firewalls.

• Palo Alto External Dynamic Lists
• FortiGate External Blocklist Policy