Technical reference for Shield, Intrusion's prevention-first network security platform. Shield blocks malicious traffic at the network layer using the Global Threat Engine and 8.5 billion IP and DNS combinations refined since 2001.
| What it does | Blocks malicious network traffic at the network layer using reputation-based threat intelligence. |
|---|---|
| Who it's for | Security teams needing prevention-first network defense. |
| How it deploys | Shield's five products cover cloud, Shield OnPremise, endpoint, monitoring, and management. |
| What you get | Prevention of known-bad connections with full evidence of what was blocked. |
Command Hub manages Shield Stratus, Shield OnPremise, and Shield Endpoint from one web interface. Event log, policy editor, role-based access, CSV and Excel export. Shield Sentinel is operated independently and is not surfaced here. The console is for engineers, not analysts.
For the architect tired of vendor consoles that conflate "platform management" with "alert triage queue."
Four functions, named. Investigate blocked events. Tune policy. Manage users and groups. Export evidence. Sentinel runs independently and is not surfaced. The console is built around the assumption that the architect investigates and tunes, not the analyst triages.
Chronological event stream of every blocked connection across enforcement platforms. Filter by platform, time range, source, destination, threat category, or policy. Click any event for the full forensic record.
Allowlist destinations, suppress threat categories, switch enforcement mode (Observe Mode to enforcement on Stratus and Shield OnPremise), adjust per-direction policy on Stratus.
Observer, User, Administrator roles. Each user gets a role per group. Default group per client; users can span multiple groups with different roles in each.
| Specification | Detail |
|---|---|
| Deployment | Web console |
| Platforms managed | Shield Stratus, Shield OnPremise, Shield Endpoint |
| Sentinel integration | None. Sentinel runs independently. |
| Roles | Observer (read-only), User (operate), Administrator (govern) |
| Group structure | Default per-client groups; users can span multiple groups with role-per-group assignments |
| Event log retention | 72 hours on-platform |
| Export | CSV and Excel; filtered or full event sets |
| SIEM forwarding | Syslog (Shield OnPremise platform); configured per deployment |
| SSO | Not currently offered. Local accounts with role-based access. |
| Public API | None currently exposed. |
| Native integrations | None for ticketing, PSA, RMM, or SOAR. Forward via SIEM for downstream automation. |
Event log + drill-down + forensic record. Answer in 30 seconds without opening a ticket. The most common Command Hub workflow.
Allowlist legitimate destinations, suppress noisy threat categories for specific source ranges, validate Observe Mode results before flipping platforms to enforcement.
Export filtered event sets to CSV or Excel for incident reports, audit trails, or downstream SIEM ingestion.
For partners managing multiple clients: each client a separate group, each user a role per group. Single console, scoped access.
The list of "is this in the console" answers, in plain English.
Switch between platforms without going back to the overview.
30 minute walkthrough. Real event log, policy tuning, role assignments.
RECOMMENDED NEXT STEP