Help Center User GuideGetting StartedFAQ
 
X
User Guide
Getting Started
FAQ
Contents  

About the Screen Events Page

To access this page, click Monitor > Security Events > Screen.

Use this page to view information about screen events that occur as a result of the screen options configured on SRX Series or vSRX security devices. Screen options are a detection and defense mechanism configured to filter the connection attempts bound towards a security zone. Screen options are used to prevent attacks, such as IP address sweeps, port scans, denial of service (DOS) attacks, Internet Control Message Protocol (ICMP), UDP, and SYN (Synchronize) floods.

You can view information related to screen events, including ICMP screening, IP screening, TCP screening, and UDP screening.

Using the time-range slider, you can quickly focus on the time and area of activity that you are most interested in. Once the time range is selected, all of the data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.

There are two ways to view your data. You can select either the Summary View tab or the Detail View tab.

Tasks You Can Perform

You can perform the following tasks from this page:

Summary View

The top of the page has a swim lane graph of all the screen events. You can use the widgets at the bottom of the page to view critical information such as, top sources, top source countries, top destinations, and top destination countries.

Table 33 describes the widgets on the Detail View page.

Table 33: Widgets on the Summary Page

Field

Description

Top Sources

Top five source IP addresses with highest network traffic.

Top Destinations

Top five destination IP addresses with highest network traffic.

Top Source Countries

Top five countries from which the traffic that triggered the highest number of events originated and the number of events per country.

Top Destination Countries

Top five countries to which the traffic that triggered the highest number events was sent and the number of events per country.

Detail View

You can group the events using the Group By option. For example, you can group the events based on source country. The table includes information such as the event name, UTM category, source IP address, source country, and so on.

Table 34 describes the fields on the Detail View page.

Table 34: Fields on the Detail View Page

Fields

Description

Log Generated Time

Time when the event occurred.

Log Received Time

Time the log was received at the log collector.

Site

Name of the tenant site from which the event originated.

Event Name

Name of the device event in the log.

Source Country

Country from which the traffic that triggered the event originated.

Source IP

Source IP address for the traffic that triggered the event (IPv4 or IPv6).

Destination Country

Country to which the traffic that triggered the event was sent.

Destination IP

Destination IP address for the traffic that triggered the event (IPv4 or IPv6).

Source Port

Source TCP/UDP port number of the traffic that triggered the event.

Destination Port

Destination TCP/UDP port number of the traffic that triggered the event.

Attack Name

Name of the attack in the log for threat event. For example, trojan, worm, virus, and so on.

Description

Brief description of the event.

Threat Severity

Level of severity of the threat. For example, minor, major, critical, and so on.

Policy Name

Name of the policy which generates the log. The policy is configured on the SRX Series or vSRX device.

Virus Name

This field is not applicable for screen events.

URL

Accessed URL that triggered the event.

Event Category

Event category in the log. For example, screen.

User Name

User name identified by the SRX Series or vSRX device, if user identity is enabled on the device.

Argument

Type of traffic. For example, FTP and HTTP.

Action

Action taken for the event. For example, warning, allow, and block.

Log Source

IP address of the device where the log is received (IPv4 or IPv6).

Application

Name of the application associated with the traffic that triggered the event.

Host Name

Hostname of the device where the log was generated.

Service Name

Name of the application service used for the traffic that triggered the event. For example, FTP, HTTP, SSH, and so on.

Nested Application

Nested application associated with the traffic that triggered the event.

Source Zone

Source security zone of the traffic that triggered the event.

Destination Zone

Destination security zone of the traffic that triggered the event.

Protocol ID

Protocol ID of the traffic that triggered the event.

Roles

Roles of the user as defined in the Active Directory, if available.

Reason

Reason for the log generation. For example, unrestricted access.

NAT Source Port

Translated source port.

NAT Destination Port

Translated destination port.

NAT Source Rule Name

NAT source rule name configured on the SRX Series or vSRX device.

NAT Destination Rule Name

NAT destination rule name configured on the SRX Series or vSRX device.

NAT Source IP

Translated source IP address for the traffic that triggered the event (IPv4 or IPv6).

NAT Destination IP

Translated destination IP address for the traffic that triggered the event (IPv4 or IPv6).

Traffic Session ID

Traffic session ID of the log.

Path Name

This field is not applicable for screen events.

Logical System Name

Name of the logical system which received the log.

Rule Name

Name of the rule which generates the log. This rule is configured on the SRX Series or vSRX device.

Profile Name

Name of the profile which filters the traffic that triggered the event.

Client Host Name

Hostname of the client associated with the traffic that triggered the event. For example, if a specific computer is infected, the name of that computer is displayed.

Malware info

Information about the malware causing the event.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit