
    Threat Map Overview

    The threat map allows you to visualize geographical regions for incoming and outgoing traffic. You can view blocked and allowed threat events based on feeds from IPS, antivirus, and antispam engines. Unsuccessful login attempts for devices are also displayed. An event count for each attack object can be viewed by clicking a specific geographical location. This is useful for viewing unusual activity that could indicate a possible attack. If you have deployed your firewall devices across the globe, you can find the country that is attacking your firewall devices the most by using the threat map.

    Threats are color-coded and can be seen at the bottom of the page. You also get a quick view of the total number of threats blocked and allowed, an individual count of threats blocked and allowed for each event, as well as the top targeted devices, top destination countries, and top source countries.

    You can click any individual source or destination point on the map to review information about the threat events, including the number of threat events, type of threat, time of events, source IP, and destination IP. You can also perform further analysis of the attack by clicking the attack type and viewing the filtered list of events from the Event Viewer.

    Click a country on the threat map to bring up the respective country page. You can view the total threat events since midnight, followed by inbound and outbound threat events. The top five inbound and outbound IP addresses are listed. You can also view all IP addresses with the option to block one or more of them. In addition, you can block all traffic or only the inbound and outbound traffic for the selected country.

    Click View Details to see more details for the country on the right panel. In addition, you can see the total number of inbound and outbound threats for each event.

    Table 1 describes different types of threats blocked and allowed.

    Table 1: Types of Threats

    | Attack | Description |
    |---|---|
    | IPS Threat Events | Intrusion detection and prevention (IDP) attacks detected by the IDP module. The information reported about the attack includes: source of attack; destination of attack; type of attack; session information; severity; policy information that permitted the traffic; action (traffic permitted or dropped). |
    | Spam Events | E-mail spam that is detected based on the blacklist of spam e-mails. The information reported about the attack includes: source; action (e-mail is rejected or allowed); reason for identifying as e-mail spam. |
    | Virus Events | Virus attacks detected by the antivirus engine. The information reported about the attack includes: source of the infected file; destination; filename; URL used for accessing the file. |
    | Device Authentications | The firewall authentication messages generated due to unauthorized attempts to access the network. The reported information contains the reason for authentication failure and the source of the request. |

    Note: Threats with unknown geographical IP addresses are displayed as undefined.
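
    The rollups described above (blocked and allowed totals, per-event counts, top targeted devices, top source and destination countries, top source IPs for one country, and the "undefined" bucket) can be reproduced over exported events. This is an added example, not part of the original page or the product; the event fields, type names, and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter, namedtuple
from datetime import datetime

# Field names are assumptions for this example, not the product's log schema.
Event = namedtuple("Event", "time type action src_ip src_country dst_ip dst_country")

# Constructed sample events (documentation IP ranges). None = geolocation unknown.
EVENTS = [
    Event("2016-12-06T23:58:10", "ips", "blocked", "198.51.100.7", "FR", "192.0.2.10", "US"),
    Event("2016-12-07T00:03:41", "ips", "blocked", "198.51.100.7", "FR", "192.0.2.10", "US"),
    Event("2016-12-07T01:15:02", "virus", "allowed", "203.0.113.9", None, "192.0.2.10", "US"),
    Event("2016-12-07T02:20:30", "spam", "blocked", "198.51.100.22", "FR", "192.0.2.25", "DE"),
    Event("2016-12-07T03:00:00", "auth", "blocked", "203.0.113.50", "BR", "192.0.2.10", "US"),
    Event("2016-12-07T04:45:19", "ips", "allowed", "198.51.100.7", "FR", "192.0.2.25", "DE"),
]

def since_midnight(events, now):
    """Keep events from 00:00 of now's date up to now."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    return [e for e in events if midnight <= datetime.fromisoformat(e.time) <= now]

def geo(country):
    # Unknown geolocation is bucketed as "undefined", as in the page's note.
    return country or "undefined"

def summarize(events, top_n=5):
    """Totals, per-event-type counts, and top-N lists for the summary view."""
    by_action = Counter(e.action for e in events)
    return {
        "blocked": by_action["blocked"],
        "allowed": by_action["allowed"],
        "per_type": dict(Counter((e.type, e.action) for e in events)),
        "top_targets": Counter(e.dst_ip for e in events).most_common(top_n),
        "top_src_countries": Counter(geo(e.src_country) for e in events).most_common(top_n),
        "top_dst_countries": Counter(geo(e.dst_country) for e in events).most_common(top_n),
    }

def country_top_sources(events, country, top_n=5):
    """Top source IPs among events whose source geolocates to `country`."""
    hits = Counter(e.src_ip for e in events if geo(e.src_country) == country)
    return hits.most_common(top_n)

if __name__ == "__main__":
    today = since_midnight(EVENTS, datetime(2016, 12, 7, 12, 0, 0))
    print(summarize(today))
    print(country_top_sources(today, "FR"))
```

    Comparing these counts against the map for the same time window is a quick check that exported events and the displayed totals agree.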

    Modified: 2016-12-07