4 The OCSS Dashboard Tab

The Oracle® Communications Security Shield (OCSS) Dashboard tab displays information about the SIP call traffic crossing your telephony network boundary and provides tools to help you manage its security. Some of the tools are interactive, where you can change certain settings from the Dashboard to quickly respond to traffic conditions. The Dashboard also reports on the state of your network devices, as well as the enforcement actions that the OCSS applied according to the policies and thresholds you set.

Through the Dashboard, you can:
  • Detect and take action on potential security threats and possible fraud, for example, by specifying thresholds on call activities.
  • View specific details about calls that applied enforcement action, for example, blocked calls and re-directed calls.
  • View and manage the status of on-premises equipment such as the Session Border Controllers, for example, so you can see which devices are in and out of service.

The Dashboard Header

After you log on, using the credentials you received with your subscription, Oracle® Communications Security Shield (OCSS)displays the Dashboard tab as the default landing page. At the top of the page, the Oracle banner displays the email address of the user who is logged on, provides access to the User menu, and displays the tabs you use to monitor, configure, and manage OCSS.

This screen capture shows the OCSS landing page banner with links to the Dashboard, Manage Policy Rules, and Settings pages.

Dashboard Tab—Displays tiles that graphically show information about the SIP traffic activities and actions that the OCSS monitors, as well as device and subscription status. You can expand some of the tiles for more detailed information, such as configuration settings and more granular reporting, depending on the purpose of the tile.

Access Control Lists Tab—Displays lists that you create to manage enforcement actions on inbound and outbound calls. For example, you can allow, block, redirect, and throttle the phone numbers that you specify. For new customers, the tab displays no lists until you create them. For upgrading customers, the system imports your existing lists. The Web GUI supports up to ten lists, including any that were imported.

Outbound Call Management Tab—Displays tools to help you manage outbound calls for your enterprise. You can create a list of outbound phone numbers and specify how OCSS validates and enforces their use.

Number Lookup Tab— Displays all of your configured phone number lists and their states. Provides Search to help you find a phone number across all of your OCSS phone number lists.

Activity Log Tab—Displays a view of user activity logs to help with troubleshooting and audits. You can see logged activity such as configuration changes to access control lists, threshold parameters, and on-premises software components. The activity log also supports search operations with filters to help you target your search.

Notifications Tab—Displays notifications when certain conditions occur that need your attention according to settings you configure. On the Notifications tab, privileged users can view the state of risky call types, view the history of risky calls, and manage notifications settings.

The Settings Tab—Displays links to the Cloud Communication Service (CCS) client and tenant settings that Oracle provides for you to use in the CCS configuration script, the Autonomous Threat Protection settings dialogs, the Reputation Score Classification dialog, and the Configuration Wizard.

User ID—Displays the email address of the user who is logged on. When you click the email address, the GUI displays the user menu which contains the Sign Out control that you use to log off from the Dashboard.

The Dashboard Tab

The Dashboard displays four small tiles and six large tiles that provide visual representations of information about Oracle® Communications Security Shield (OCSS) services and the call traffic crossing your telephony network boundary. The data displayed in the tiles reflects activity for the last twenty-four hours and refreshes each time you access the page. While viewing the page, the refresh rate depends on the setting you configure for auto-refresh.

The large tiles display graphs and charts to provide you with a complete view of how, why, and when OCSS protected your telephony network. You can click the Autonomous Threat Protection, Call Statistics, Device Status, and Call History tiles to see more detailed information about the statistics and to specify related settings.

To refresh the data while viewing the page, rather than re-launchiung the page to force the update, you can set the refresh rate at 10, 30, 60, or 90 seconds with the Auto Refresh control. The default is every 10 seconds.

The following screen capture shows the Dashboard.

This screen capture shows the Dashboard with data in all the tiles.

Note:

The Dashboard displays the last twenty-four hour period in your local time where the browser is launched in the top, left corner below the Oracle logo.

When the system has no data to show in the large tiles, the tiles display the graphics and messages shown in the following screen capture to let you know why there is no data.

This screen capture shows each of the large tiles in an empty data state. Each tile that has no data to display provides a message confirming that no activity occurred in the last twenty-four hours.

Note:

No data displays until you connect the on-premises devices and the OCSS service starts processing calls.

Autonomous Threat Protection

Autonomous Threat Protection displays the total number of threats that the Oracle® Communications Security Shield ( OCSS ) detected, of all types, in the last twenty-four hours and provides links to settings and configuration dialogs.

The following screen capture shows the Autonomous Threat Protection tile on the OCSS Dashboard with sample data. The system updates the display every five seconds.

This screen capture shows the Autonomous Threat Detection tile. which displays the total number of threats of all types that the OCSS detected in the last 24 hours.

Click the tile to see more information about the threats, as well as links to Threshold Settings and the Configuration Wizard. The expanded tile lists the types of threats that the OCSS reports for your subscription level and data for each one. The tile also includes the Edit Settings button, which displays links to the Autonomous Threat Protection settings configuration dialogs and the Configuration Wizard.

Premium Autonomous Threat Protection

When you click the Autonomous Threat Protection tile, the Web GUI displays information about threats the Oracle® Communications Security Shield (OCSS) detected and reports the data in the categories of risk that the Premium subscription supports. The data can help you get a more accurate understanding of the risks to your call center. After viewing the data, you can go to the Settings tab and change the enforcement actions for the call type classifications and reputation score classifications to improve responses to risky calls.

The following screen capture shows the Autonomous Threat Protection categories for the Premium subscription with sample data.

This screen capture shows how the OCSSC reports detected threats by way of the Autonomous Threat Detection tile on the Dashboard. It shows the threat name, the total number of threats, the action taken, the first occurrence, and the last occurrence.

Note:

Sometimes the Detected Threats count shows a higher number of total calls than you see on the Call Statistics tile. The reason is that OCSS counts every threat for a call and a call may have multiple associated threats. For example, suppose OCSS detects Toll Fraud and Severe Risk for a call. In this scenario, OCSS counts two threats for one call.

TDoS (Telephony Denial of Service)—Indicates that attackers generated large amounts of traffic volume to slow or interrupt legitimate inbound customer calls to the business. Examples of TDoS attacks include harassment, extortion, and ransom attacks. Attackers can leverage your network devices, through hacking, hijacking, and other means to launch TDoS attacks from your network to other parties.

Toll Fraud—Indicates that perpetrators accessed a company's phone lines then used those lines to call premium rate numbers that they have set up. The unsuspecting company has to pay the bill.

Traffic Pumping—Indicates calls that exceeded the configured upper threshold of the call attempt rate for five minutes.

Fraud Risk—Indicates high-risk unwanted calls likely originating from entities posing as legitimate callers with malicious intent, such as to defraud you. (This is not a call from a Fraud Risk department.) OCSS classified the call as a fraud risk, due to association with known scams or dangerous activity. Administrators typically set the enforcement action to Redirect Call for advanced authentication or Block.

Spam Risk—Indicates Spam or other unwanted calls from suspect phone numbers, such as phone numbers that originate large numbers of robocalls. OCSS classified the call as Spam, due to the caller's patterns indicative of spam calls. Administrators typically set the enforcement action to Block.

Call Center Call—Indicates wanted call notifications from direct marketers of goods and services to potential customers. Such calls include verification codes, appointment reminders, school announcements, and so on. OCSS classified the call as a Call Center Call, due to potential value to the recipients. Administrators typically set the enforcement action to Continue.

Spoofed Call—Indicates calls originating from an entity that disguised the caller's identity, hijacked the phone number, used a recently unassigned phone number, and other calls that do not fit into the other classifications. For example, a mis-entered phone number might classify as a Spoofed Call. Administrators typically set the enforcement action to Block.

Nonconforming Numbers—Indicates the calling number does not conform to E.164 conventions after number normalization. Possible reasons include errors in one or more normalization rules, incorrect number length, or the number contains prefixes and suffixes. A nonconforming number might also indicate a threat.

Critical Risk Calls—Indicates a high risk because the call activity is concentrated in a short time period, directed to a risky country, automated, or may deny service. Critical risk factors also include high numbers of unsuccessful calls, no long-term activity, and high short-term activity.

Severe Risk Calls—Indicates a high risk because there is no long-term activity and there is activity towards a high number of different phone numbers and unassigned phone numbers. Severe risk factors also include no long-term activity and high short-term activity.

Significant Risk Calls—Indicates a medium risk because the activity is call center-like, sparse, directed towards a high number of premium numbers, or comes from a high number of toll-free numbers. Significant risk factors also include a high number of completed calls and irregular call duration.

Suspicious Calls—Indicates calls where there is some amount of suspicion about the behavior, or the destination is of a higher risk, or the device used is more prone to abuse. Other factors include a high number of completed calls, irregular call duration, little long-term activity, and high short-term activity.

For information about the Edit Settings button, see Configuration Links From the Autonomous Threat Protection Tile

Standard Autonomous Threat Protection

When you expand the Autonomous Threat Protection tile, the Web GUI displays information about threats the Oracle® Communications Security Shield (OCSS) detected and reports the data in the categories of risk that the Standard subscription supports. The data can help you get a more accurate understanding of the risks to your call center. After viewing the data, you can go to the Settings tab and change the enforcement actions for the call type classifications and reputation score classifications to improve responses to risky calls.

The following screen capture shows the Autonomous Threat Protection categories for the Standard subscription with sample data.

This screen capture shows the threats the Standard Autonomous Threat Protection tile reports and the data for each. The header row displays from left to right columns for Threat Name, Total, Action Taken, First Occurrence, and Last Occurrence. The Threat Name column displays the following threats from top to bottom: High Risk Calls, Suspicious Calls, Unclassified Calls, Telephony Denial of Service calls, Toll-Free Traffic Pumping calls, and Toll Fraud calls.

Note:

Sometimes the Detected Threats count shows a higher number of total calls than you see on the Call Statistics tile. The reason is that OCSS counts every threat for a call and a call may have multiple associated threats. For example, suppose OCSS detects Toll Fraud and High Risk for a call. In this scenario, OCSS counts two threats for one call.

TDoS (Telephony Denial of Service)—Indicates that attackers generated large amounts of traffic volume to slow or interrupt legitimate inbound customer calls to the business. Examples of TDoS attacks include harassment, extortion, and ransom attacks. Attackers can leverage your network devices, through hacking, hijacking, and other means to launch TDoS attacks from your network to other parties.

Toll Fraud—Indicates that perpetrators accessed a company's phone lines then used those lines to call premium rate numbers that they have set up. The unsuspecting company has to pay the bill.

Traffic Pumping—Indicates calls that exceeded the configured upper threshold of the call attempt rate for five minutes.

Nonconforming Numbers—Indicates the calling number does not conform to E.164 conventions after number normalization. Possible reasons include errors in one or more normalization rules, incorrect number length, or the number contains prefixes and suffixes. A nonconforming number might also indicate a threat.

High Risk Calls—Indicates calls with low reputation, which means high risk. For example, a low risk score occur when a phone number exhibits suspicious characteristics such as when the caller is anonymous, when call spoofing is detected, when a number is used for a detected threat, or when the number is invalid, unassigned, or unallocated.

Suspicious Calls—Indicates calls where there is some amount of suspicion about the behavior, or the destination is of a higher risk, or the device used is more prone to abuse. Other factors include, a high number of completed calls, irregular call duration, little long-term activity, and high short-term activity.

For information about the Edit Settings button, see Configuration Links From the Autonomous Threat Protection Tile.

Configuration Links From the Autonomous Threat Protection Tile

When you click the Autonomous Threat Protection tile on the Dashboard, the Oracle® Communications Security Shield (OCSS) displays the Detected Threats page, which contains the Edit Settings button.

Click Edit Settings to display links to the Autonomous Threat Protection settings dialogs and the Configuration Wizard.

This screen capture shows the Autonomous Threat Protection settings dialogs and the Configuration Wizard, when you click Edit Settings.

Autonomous Threat Protection—The OCSS algorithm uses configurable threshold and action settings along with other resources to determine the recommended actions on calls. Oracle sets the defaults for the thresholds and actions, which you can change on the Autonomous Threat Protection Settings page. Oracle recommends that you revisit these settings regularly because adjusting them is a continuous process as your business evolves. You might adjust the settings, for example, to allow for marketing campaigns and daily call peaks. The Autonomous Threat Protection Settings page displays links to the dialogs where you can set the thresholds and actions that you want for your deployment. The following screen capture shows the categories of the settings that you can specify.

This screen capture shows the links that display on the Autonomous Threat Protection Settings page.

Note:

You can also reach the Autonomous Threat Protection Settings page through the Settings tab.

Configuration Wizard—The Configuration Wizard asks you questions and uses your answers to set various parameters for managing and securing call traffic. You can use the Wizard for the initial configuration as well as for subsequent changes that you want to make.

Learn About the OCSS Configuration Wizard

The first time the Administrator logs on to the OCSS Dashboard after establishing your subscription, the system launches the configuration Wizard and displays the Welcome screen. For established OCSS installations, log on and launch the Configuration Wizard from either the Settings tab or the Autonomous Threat Detection dialog.

Call Statistics

Call Statistics displays the total number of SIP calls that passed in and out of your telephony network in the last twenty-four hours. When you click the tile, the system displays the default reports with more detailed information. You can also create custom reports to filter the data to suit your business needs.

Call Statistics

This screen capture shows the Total Calls tile, which displays the total number of SIP calls that passed through your telephony network in the last 24 hours.

To see more detailed information about the calls, click the Call Statistics tile. The display defaults to the Total Calls Report and the Total Calls Table reports. Click the tabs at the bottom of the page to toggle between the reports.

Note:

You can create more analytics reports. See Call Traffic Analytics Display Operations.

Total Calls Report

This screen capture shows the Total Calls report page with sample data.

The default Total Calls Report displays the following graphical displays of the data:
  • Total Calls—Displays the total number of calls for a period of time, which you can set on the Call Start Time and Call End Time tabs. The display shows the totals for inbound and outbound calls separately. You can view the data in either a graphical display or as a table, by using the Total Calls and Total Calls Table toggles in the lower left corner of the screen.
  • Inbound—Displays the number of inbound calls out of the total number of calls.
  • Outbound—Displays the number of outbound calls out of the total number of calls.
  • Call Count per SBC—Displays the total number of calls for a period of time, which you can set on the Call Start Time and Call End Time tabs. The display can show the call count for one or more Oracle Communication Border Controllers (OCSBC), which you specify on the OCSBC Server ID tab. The display uses different colors to represent each OCSBC.
  • Calls by Reputation Score—Displays the numbers of calls with reputation scores considered Not verified, Regular, Suspicious, and Unknown. The display uses different colors to represent each reputation level. When you hover over a column, the display shows the number of calls of that type.
  • Call Enforcement—Displays the types of enforcement applied over a period of time, which you can set on the Call Start Time and Call End Time tabs. When you hover over a spike on the time line, the report displays the Stats ID Count, Final Outcome, and Call Start Time for that point in time. The display uses different colors to represent each type of enforcement.
  • Call Rate—Displays the rate of calls over a period of time, which you can set on the Call Start Time and Call End Time tabs. When you hover over a spike on the time line, the report displays the Stats ID Count and Call Start Time for that point in time.
At the top of the page, the Total Calls report displays a set of default tabs that you can click to customize the report output:
  • Call Start Time—Specify a day or range of days as the beginning of the time period that you want the reports to display.
  • Call End Time—Specify a day or range of days as the ending of the time period that you want the reports to display.
  • SBC Server ID—Specify one or more OCSBCs that you want the displays on the Total Calls page to report on.
  • Called Number—Specify one or more called phone numbers to report on.
  • Calling Number—Specify one or more calling phone numbers to report on.
  • Reputation Call Score—Specify one or more reputation score types that you want the displays on the Total Calls page to report on.
  • Final Outcome—Specify one or more outcomes that you want the displays on the Total Calls page to report on.
  • Enforcement Action—Specify one or more enforcement actions that you want the displays on the Total Calls page to report on.
.

Total Calls Table

On the Total Calls Table, you can see detailed information about each call that OCSS evaluated, including the outcome. The following screen capture shows an example.

This screen capture shows an example of the total calls table, accessed from the Call Statistics tile by way of the total calls tab on the total calls report. This table provides detailed information about each call that OSSC evaluated. From left to right, the column headers are: calling number, called number, reputation call score, call start time, SBC server ID, ingress, and final outcome.

Note:

After a call is terminated Oracle® Communications Security Shield (OCSS) sends the final information to the analytics service, which uses batch processing to render the reports. Processing may take up to five minutes before the call information displays in the Call Statistics tile and reports, depending on the total amount of data in the batch and the total amount of call data.
Total Calls Report and Total Calls Table Controls

Each tab at the top of the Total Calls and Total Calls Table pages displays controls for refining the report.

Report Tabs Controls

All tabs, except Call Start Time and Call End Time, display the following controls.

This screen capture shows the five operations you can perform on the tabs on the Total Calls report page. Each one is numbered. See the following list for descriptions.

The following list describes the controls in the preceding screen capture.
  1. Use menu to the right of the Search field to filter your search.
  2. Use the menu to the right of Selections to include or exclude items on the list in the report results.
  3. Double-click the item in the left pane to move it to the list in the right pane.
  4. Double-click the item in the right pane to move it to the left pane.
  5. Click the icon to display data for the selected item, only.

Call Start Time and Call End Time Controls

The Call Start Time and Call End Time tabs display a date selector for setting the time frame for the data shown in the report.

This screen capture shows the date selector tool for the Total Calls page.

In the date selector, you can specify either a single date or a date range. Setting a date range for Call Start Time tells the system to start the report display with the first call it finds in the range. Setting a date range for Call Start Time tells the system to end the report display with the last call it finds in the range.

Device Status

Device Status displays the number of your OCSS network devices, such as the Session Border Controller and the Cloud Communication Service, that are connected. The system updates the display every five seconds.

This screen capture shows the Device Status tile, which displays the number of OCSS devices you have and the number that are in service,

When you expand the Device Status tile, the Dashboard displays the connection status of each device in a hierarchical view, as shown in the following illustration.

This screen capture shows the connection status of each OCSS device. It shows the name of the device, the software version running on the device, the date of the first registration and the date of the most recent registration.

Devices include the Cloud Communication Service (CCS) and the Oracle Communications Session Border Controller (OCSBC). When you configure a device, it automatically starts to register. Device Status also lists the software version running on each device, the date when the device initially registered, and actions taken.

The only interactive function provided is the ability to delete a device with the delete icon, which displays in the Action column. Before deleting a device, you must either take the device offline or disable the configuration that allows it to connect to the OCSS service. If you do not, the device will re-register on its own, and will reappear in the device list. You cannot delete a parent device until you delete all of its children devices.

You cannot add or connect a device from the Device Status tile. See "OCSS Deployment Process" in the OCSS Installation and Maintenance Guide for information about adding devices, which you do by way of the respective installation procedures for the CCS and OCSBC.

Subscription Usage

Subscription Usage displays information about the status of your Oracle® Communications Security Shield (OCSS) subscription and provides warnings when you near your usage limit and renewal date.

The Subscription Usage tile displays the type of subscription plan (Standard or Premium) and the number of
  • calls that your plan quota allows per subscription term.
  • calls that passed through your OCSS deployment since your subscription began. (Calls Used as a total and as a percentage of your quota.)
  • calls remaining in your annual quota.
  • calls over your annual quota.
  • days left before your subscription expires.
  • days left before Oracle suspends service after your subscription expires.

Note:

The system updates the display every ten seconds by default. You can change the setting with the Auto Refresh rate control on the Dashboard.

In normal conditions where no warnings are necessary, the Subscription tile displays Calls Left in black and Days Left in black.

This screen capture shows the subscription usage tile with the number of calls left on the left hand side and the number of days left on the right hand side. It displays the number of calls used at the bottom. The calls left and days left numbers both display in black.

The Subscription Usage tile displays the Warning badge and changes the color of the Calls Left and Days Left counters when the following conditions exist:
  • When your annual subscription quota usage is equal to or greater than 75%, the Calls Left counter changes from black to red.

    This screen capture shows the color change for the Calls Left counter.

  • When the number of days left in your subscription period less than 90 days and greater than 30 days from the expiration date, the Days Left counter changes from black to red.

    This screen capture shows the color change for the Days Left counter.

The Subscription Usage tile displays the Critical badge when one or more of the following conditions exist:
  • When your annual subscription quota usage is equal to or greater than 90%, the Calls Left counter displays in red.

    This screen capture shows the critical badge on the subscription usage tile for a low number of calls left. The Calls Left number on the left displays in red and the Days Left number on the right displays in black.

  • When the Calls Left counter reaches zero, the label changes to Calls Over Quota and counts each call over your quota.

    This screen capture shows the critical badge on the subscription usage tile for calls exceeding quota. The calls over quota number on the left displays in red and the days left number on the right displays in black.

  • When the number of days left in your subscription period is equal to or less than 30 days from the expiration date, the Days Left counter displays in red.

    This screen capture shows the critical badge on the subscription usage tile for a low number of days left. The Calls Left number on the left displays in black and the Days Left number on the right displays in red.

The Subscription Usage tile displays the Expired badge when the following condition exists:
  • When the number of days left until your subscription reaches 0 and expires, the label changes from Days Left to Days Until Service Suspension. The counter re-starts with 30 days (the grace period) and counts down to 0.

    This screen capture shows the expired badge. Both numbers are red.

When the grace period expires, Oracle restricts access to the GUI and displays the following Service Suspended message.

This screen capture shows the message that OCSSC sends when service is suspended due to non-renewal. It provides the date on which service stopped.

Note:

Oracle's subscription usage calculations allow for seasonal peaks in traffic so that you do not need to increase your subscribed monthly quota during peak periods, provided that the ebbs in traffic offset the peaks in the twelve month contractual period.

You can renew your Oracle® Communications Security Shield (OCSS) subscription at any time before service suspension. If you did not renew your service and Oracle suspends the service, you can still get your service reinstated by renewing your subscription. Contact your Oracle Sales Representative or Oracle Partner to renew your service.

Subscription Suspension and Termination Process

Although you can renew your Oracle® Communications Security Shield (OCSS) subscription before you reach the stated end date, Oracle understands that your renewal processes may require more time. To support you, OCSS adopted the default subscription suspension and termination process used for other Oracle SaaS offerings.

The process provides early notifications and visual Subscription Usage alerts on the Dashboard when your subscription nears its end date, along with the following time-based phases.

Grace Period

The grace period begins after the subscription end date and lasts for thirty days. During the grace period OCSS continues to process calls and you can access the Dashboard and analytics reports pages. OCSS continues to increment subscription usage during the grace period. If you renew before the grace period ends, Oracle can renew your OCSS tenancy and retrieve your data.

Suspension Period

The suspension period begins after the grace period end date and lasts for a maximum of thirty days. During the suspension period the Session Border Controller continues to process and route calls, but OCSS no longer processes calls. You can no longer access the OCSS Dashboard and analytics or export data. You can still log on to Oracle Cloud Infrastructure, Identity Domain, and the Web GUI, but the OCSS Dashboard displays only the "Suspended Service" message. If you renew before the suspension period ends, Oracle can reinstate your OCSS tenancy to active status and retrieve your data.

Termination

If you do not renew your subscription before your suspension period ends, Oracle automatically terminates your OCSS tenancy and purges all your data. Note that your data is neither retrievable nor recoverable after purging.

Threats by Count

Threats by Count displays the threat types that the Oracle® Communications Security Shield (OCSS) detected in the last twenty-four hours. The data can help you get a more accurate understanding of the risks to your call center. After viewing the data, you can go to the Settings tab and change the enforcement actions for the Call Type Classifications (Premium subscribers), Reputation Score Classifications (Standard and Premium subscribers), and Threat Vector Thresholds (Standard and Premium subscribers) to improve responses to risky calls.

Threats by Count Tile

The following screen capture shows an example of the Premium Threats by Count tile, which displays the threat types on the vertical axis of the chart and the number of each type on the horizontal axis.

This screen capture shows the Premium Threats by Count tile, which displays the threat types on the vertical axis of the chart and the number of each type on the horizontal axis.

Standard Threats by Count Tile

The following screen capture shows the Standard Threats by Count tile, which displays the threat types on the vertical axis of the chart and the number of each type on the horizontal axis.

This screen capture shows the Threats by Count tile for Standard subscribers, which displays the threat types on the vertical axis of the chart and the number of each type on the horizontal axis.

Note:

The Threats by Count tile may not list all of the possible threat types at any given time because it displays only the classifications in which threats occurred in the most recent update.

Call Classifications

Call Classification displays the number of calls per risk type and the percent that each type represents of total calls. The calls reported per classification result from all of the factors that go into determining the call reputation score, which includes the settings you configure for Autonomous Threat Protection (Dashboard tab), Reputation Score Classification (Settings tab), and Call Type Classification (Settings tab). Each graph displays colored sections keyed to the call classification types.

Premium Call Classifications

The Premium Call Classification tile displays a circular graph that shows you the total number of calls and the percentage of those calls per classification type. The default display shows all classifications. You can customize the display by clicking the colored squares by the names of the classification types to show or hide the ones you want to see. The show or hide selections you make persist only for your current session.

The following screen capture shows an example of the Premium Call Classification tile in the default view with all classifications showing.

This screen capture shows the graph displaying data for all of the possible call classifications.

This screen capture shows an example of the Premium Call Classification tile with the data for the Acceptable and Good call classifications hidden from view.

This screen capture

Hover over a section of the graph to see the number of calls for the classification.

Standard Call Classifications

The Standard Call Classification tile displays a pie chart showing the total number of calls and the percentage per classification.

The following screen capture shows an example of the Standard Call Classification tile.

This screen capture shows a call classification pie chart with two sections. Each section is color coded to coordinate with the category key displayed at the right side of the tile. High Risk is shown in orange. Suspicious is shown in yellow. Acceptable is shown in gray.

Hover over a section of the pie chart to see the number of calls and the percentage of total calls for the category.

Top Threat Sources

Top Threat Sources displays the top sources of threats and the actions the system applied to all calls both inbound (ingress) and outbound (egress). Actions include Allowed, Throttled, Blocked, and Redirected. (A threat source is a phone number.) Each bar graph represents one of the threat sources and each section represents an applied action. When you hover over a section of the bar graph, the Dashboard displays the number of threats the OCSS acted on per action type. The system updates the display every fifteen seconds.

This screen capture displays the information described in the preceding paragraph. It also shows an example of the information displayed when you hover over a section of the bar graph.

Top Targeted Enforcement Points

Top Targeted Enforcement Points displays up to ten of your network enforcement points with the number and types of risky attacks each one received in the last twenty-four hours. An enforcement point is the device that applies the actions that you configured for responses to attacks, for example, a session border controller. The version of the Top Targeted Enforcement Points display that you see depends on the subscription plan that you purchased (Standard or Premium).

The following screen captures show examples of the Top Targeted Enforcement Points for the Premium and Standard subscriptions. Each vertical bar represents one enforcement point and each section of a bar represents a call type, according to the color key. When you hover over a section of the bar graph, the GUI displays the name of the enforcement point and the number of times the enforcement point was targeted by the attack type. Attack types include the risky call types, as well as Telephony Denial of Service (TDoS), and Toll Fraud calls.

Premium Subscription

This screen capture displays the information described in the preceding paragraph.

Call History

Call History displays the total number of calls processed in the last twenty-four hours. When you click the tile, the system displays the default reports with more detailed information. You can also create custom reports to filter the data to suit your business needs.

Call History Display

With the controls in the upper, right corner, you can choose either a linear display or a bar graph display. When you hover over a point in time in either display, the Dashboard displays the total number of calls processed and the number of each action applied. The system updates the display every fifteen seconds.

This screen capture shows the Call History tile, which displays the number of number of calls over time. In graphic format, it shows the highs and lows of call volume. This screen capture shows the Call History tile, which displays the number of number of calls over time. In graphic format, it shows the highs and lows of call volume.

To see more detailed information about call history, click the Call History tile. The display defaults to the Call History and Calls Table reports. Click the tabs at the bottom of the page to toggle between the reports.

Note:

You can create more analytics reports. See Call Traffic Analytics Display Operations.

Call History Report

This screen capture shows the Call History report page with sample data.

The Call History report displays the following graphical displays of the data:
  • Calls by Final Outcome—Displays a pie chart showing the total number of calls acted on and the number of calls per type of action. When you hover over a section of the chart, the report displays the number of calls acted on and their percentage of the total calls.
  • Calls to Call Duration—Displays the relation of call durations across a time line. A number of short calls might indicate spam and robo calls. A spike of long calls might indicate toll fraud.
  • Enforcement Action—Displays a pie chart showing the total number of enforcement actions applied. When you hover over a section of the chart, the report displays then number and percent of enforcements per type.
  • Reputation Score Over Time—Displays changes in reputation scores over time. You might want to investigate any deviations.
  • Call Rate—Displays numbers of calls per second over a period of time. The graph shows increases in activity. Though some spikes might be accidental and harmless, Oracle recommends investigating spikes in the call rate.
At the top of the page, the Call History report displays a set of tabs that you can click to customize the report output:
  • Called Number—Specify one or more called phone numbers to report on.
  • Calling Number—Specify one or more calling phone numbers to report on.
  • Final Outcome—Specify one or more outcomes that you want the displays on the Call History page to report on.
  • Call Type—Specify the type of number called to report on.
  • Applied Policy—Specify one or more policies that you want the displays on the Call History page to report on.
  • SBC Server ID—Specify one or more session border controllers that you want the displays on the Call History page to report on.

Calls Table

On the Calls Table, you can see detailed information about each call that OCSS evaluated. The following screen capture shows an example.

This screen capture shows an example of the calls table, accessed from the Call History tile by way of the calls tab on the call history report. This table provides detailed information about each call that OSSC evaluated. From left to right, the column headers are: calling number, called number, call start time, call end time, call duration, ingress, call type, SBC server ID, enforcement action, and call reputation grade.

Note:

After a call is terminated Oracle® Communications Security Shield (OCSS) sends the final information to the analytics service, which uses batch processing to render the reports. Processing may take up to five minutes before the call information displays in the Call History tile and reports, depending on the total amount of data in the batch and the total amount of call data.
Call History Report Tabs Operations

Each tab on the Call History page displays the following set of controls for refining the report.

Report Tabs Controls

This screen capture shows the five operations you can perform on the tabs on the Call History report page. Each one is numbered. See the following list for descriptions.

The following list describes the controls in the preceding screen capture.
  1. Use menu to the right of the Search field to filter your search.
  2. Use the menu to the right of Selections to include or exclude items on the list in the report results.
  3. Double-click the item in the left pane to move it to the list in the right pane.
  4. Double-click the item in the right pane to move it to the left pane.
  5. Click the icon to display data for the selected item, only.

Access Control List Enforcement Actions

Access Control List Enforcement Actions displays a pie chart with the total number of calls affected by your access control lists, which includes blocked, redirected, and throttled calls. When you hover over a section of the pie chart, the tile shows the action taken and the number of call actions for the type. The system updates the display every fifteen seconds.

This screen capture shows the Access Control Enforcement Actions tile, which displays a pie chart showing the percentages of blocked, redirected, and rate limited calls.