
    Sky ATP Events and Logs Overview

    You can use the Sky ATP Events page to view information about security events generated by Sky ATP policies. Analyzing the Sky ATP logs yields information such as the malware name, the action taken, the infected host, the source of an attack, and the destination of an attack.

    Using the Time Range slider, you can quickly focus on the area of activity that you are most interested in. Once the time range is selected, all of the data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.

    There are two ways to view your data. You can select either the summary view or the detail view.

    Sky ATP Events—Summary View

    Click Summary View for a brief summary of all the Sky ATP events in your network. The data presented in the area graph is refreshed automatically based on the selected time range.

    You can use widgets to view critical information, such as top infected hosts, top malware, top source countries, and top destination countries. See Table 1 for descriptions of the widgets in this view.

    Table 1: Sky ATP Events Summary View Widgets

    | Widget                    | Description                                                                                              |
    |---------------------------|----------------------------------------------------------------------------------------------------------|
    | Top Infected Hosts        | Top infected hosts, ranked by their associated threat level and blocked status.                          |
    | Top Malware               | Top malware found, ranked by the number of times the malware is detected over the selected time period.  |
    | Top Source Countries      | Top source countries from which the events originated, sorted by the number of IP addresses.             |
    | Top Destination Countries | Top destination countries targeted by the attacks, sorted by the number of destination IP addresses.     |

    Sky ATP Events—Detail View

    Click Detail View for comprehensive details of all Sky ATP events in a tabular format with sortable columns. You can sort the events using the Group by option; for example, you can sort the events by threat severity. The table includes information such as the event name, source country, source IP, destination country, malware information, and so on.

    See Table 2 for descriptions of columns in this view.

    Table 2: Sky ATP Events Detail View Columns

    | Column              | Description                                                              |
    |---------------------|--------------------------------------------------------------------------|
    | Log Generated Time  | The time when the log was received.                                      |
    | Event Name          | Event name of the log.                                                   |
    | Source Country      | Name of the source country from which the event originated.              |
    | Source IP           | Source IP address from which the event originated.                       |
    | Destination Country | Name of the destination country of the event.                            |
    | Client Hostname     | The hostname of the client requesting the DHCP server.                   |
    | Malware Info        | Information about the malware.                                           |
    | Destination IP      | Destination IP address of the event.                                     |
    | Source Port         | Source port of the event.                                                |
    | Destination Port    | Destination port of the event.                                           |
    | Description         | Description of the log.                                                  |
    | Attack Name         | Attack name of the log.                                                  |
    | Threat Severity     | The threat severity of the event.                                        |
    | Policy Name         | The policy name in the log.                                              |
    | Action              | Action taken for the event: warning, allow, or block.                    |
    | Log Source          | The IP address of the log source.                                        |
    | Application         | The application from which the events or logs are generated.             |
    | Hostname            | The hostname in the log.                                                 |
    | Service Name        | The name of the application service, for example FTP, HTTP, or SSH.      |
    | Nested Application  | The nested application in the log.                                       |
    | Source Zone         | The source zone of the log.                                              |
    | Destination Zone    | The destination zone of the log.                                         |
    | Protocol ID         | The protocol ID in the log.                                              |
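    The following script is an added example, not code from Juniper or from the Sky ATP product, showing how the Summary View widgets of Table 1 (top infected hosts, top malware, top source and destination countries) and the Detail View options (Time Range filtering and Group by on Threat Severity) can be derived from rows that carry the Table 2 columns. The event records, hostnames, malware names, addresses (RFC 5737 documentation ranges) and the severity ordering low < medium < high < critical are all constructed assumptions for the example; the page does not define the severity label set.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed severity ordering; the page lists the Threat Severity column
# but does not define the label set or its ranking.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class SkyAtpEvent:
    """One Detail View row, using a subset of the Table 2 column names."""
    log_generated_time: datetime
    event_name: str
    source_country: str
    source_ip: str
    destination_country: str
    destination_ip: str
    client_hostname: str
    malware_info: str
    threat_severity: str
    action: str  # warning, allow, or block


BASE_TIME = datetime(2017, 12, 17, 10, 0, 0)

# Constructed sample events (invented hostnames/malware names, RFC 5737 addresses).
EVENTS = [
    SkyAtpEvent(BASE_TIME, "Malware detected", "US", "203.0.113.10",
                "DE", "198.51.100.5", "ws-01", "Trojan.Example.A", "high", "block"),
    SkyAtpEvent(BASE_TIME + timedelta(minutes=5), "Malware detected", "US", "203.0.113.11",
                "DE", "198.51.100.5", "ws-02", "Trojan.Example.A", "medium", "warning"),
    SkyAtpEvent(BASE_TIME + timedelta(minutes=10), "C&C communication", "RU", "192.0.2.7",
                "DE", "198.51.100.9", "ws-01", "Backdoor.Example.B", "critical", "block"),
    SkyAtpEvent(BASE_TIME + timedelta(hours=2), "Malware detected", "CN", "192.0.2.20",
                "FR", "198.51.100.30", "ws-03", "Trojan.Example.A", "low", "allow"),
]

# A one-hour window, standing in for the Time Range slider selection.
DEMO_WINDOW = (BASE_TIME, BASE_TIME + timedelta(hours=1))


def in_time_range(events, start, end):
    """Time Range slider: keep events with start <= Log Generated Time < end."""
    return [e for e in events if start <= e.log_generated_time < end]


def top_malware(events, n=5):
    """Top Malware widget: malware names ranked by detection count."""
    counts = Counter(e.malware_info for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def _top_countries_by_distinct_ip(pairs, n):
    """Rank countries by the number of distinct IP addresses seen for each."""
    ips = defaultdict(set)
    for country, ip in pairs:
        ips[country].add(ip)
    ranked = sorted(((c, len(s)) for c, s in ips.items()), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


def top_source_countries(events, n=5):
    """Top Source Countries widget: sorted by distinct source IP count."""
    return _top_countries_by_distinct_ip(((e.source_country, e.source_ip) for e in events), n)


def top_destination_countries(events, n=5):
    """Top Destination Countries widget: sorted by distinct destination IP count."""
    return _top_countries_by_distinct_ip(
        ((e.destination_country, e.destination_ip) for e in events), n)


def top_infected_hosts(events, n=5):
    """Top Infected Hosts widget: hosts ranked by the highest threat level seen,
    then by how many of their events were blocked. Returns (host, severity, blocked)."""
    worst = {}          # hostname -> (rank, severity label)
    blocked = Counter()  # hostname -> number of blocked events
    for e in events:
        sev = e.threat_severity.lower()
        rank = SEVERITY_RANK.get(sev, 0)  # unknown labels rank lowest
        if e.client_hostname not in worst or rank > worst[e.client_hostname][0]:
            worst[e.client_hostname] = (rank, sev)
        if e.action.lower() == "block":
            blocked[e.client_hostname] += 1
    ranked = sorted(worst, key=lambda h: (-worst[h][0], -blocked[h], h))
    return [(h, worst[h][1], blocked[h]) for h in ranked[:n]]


def group_by_severity(events):
    """Detail View 'Group by' on Threat Severity, most severe group first."""
    groups = defaultdict(list)
    for e in events:
        groups[e.threat_severity.lower()].append(e)
    return {s: groups[s] for s in sorted(groups, key=lambda s: -SEVERITY_RANK.get(s, 0))}


if __name__ == "__main__":
    window = in_time_range(EVENTS, *DEMO_WINDOW)
    print("Events in window:", len(window))
    print("Top infected hosts:", top_infected_hosts(window))
    print("Top malware:", top_malware(EVENTS))
    print("Top source countries:", top_source_countries(EVENTS))
    print("Top destination countries:", top_destination_countries(EVENTS))
    for sev, rows in group_by_severity(EVENTS).items():
        print(sev, [r.client_hostname for r in rows])
```

    The window filter is applied before the widget functions so that, as in the Summary View, every widget reflects only the selected time range; the country widgets count distinct addresses rather than events, matching the "sorted by the number of IP addresses" wording in Table 1.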

    Modified: 2017-12-17