Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Monitor Security Intelligence Events

 

You are here: Monitor > Events > Security Intelligence.

Use the monitoring functionality to view the Security Intelligence page.

Using the time-range slider, you can quickly focus on the time and area of activity that you are most interested in. Once the time range is selected, all of the data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.

You can select either the Grid View tab or the Chart View tab to view your data:

  • Grid View—View the comprehensive details of security intelligence events in a tabular format that includes sortable columns. You can group the events using the Group By option. For example, you can group the events based on source country. The table includes information such as the event name, source address, source country, destination country, and so on. Table 1 describes the fields on the Grid View page.

  • Chart View—View a brief summary of all the security intelligence events in your network. The top of the page has a swim lane graph of all the security intelligence events. You can use the widgets at the bottom of the page to view critical information such as, top compromised host and top C&C Servers. Table 2 describes the widgets on the Chart View page.

Table 1: Security Intelligence—Fields on the Grid View Page

Field

Description

The filter is that is displayed above the grids.

Options available in the filter list are:

  • Event Name—Displays the event name of the log.

  • Source Address—Displays the source addresses to be used as match criteria for the policy. Address sets are resolved to their individual names.

  • Destination Address—Displays the destination addresses (or address sets) to be used as match criteria for the policy. Addresses are entered as specified in the destination zone’s address book.

Select the criteria or parameter on which you want to construct the filter statement.

Go

Executes the filter statement that is displayed in the text box.

Click Go.

X

Clears the filters.

Click X.

Show Hide Column Filter icon represented by three vertical dots

Enables you to show or hide a column in the grid.

Timestamp

Displays the time when the log was received.

Event Name

Displays the event name of the log.

Source Country

Displays the source country of the log.

Source Address

Displays the source address from where the event occurred.

Destination Country

Displays the destination country of the log.

Destination Address

Displays the destination address of the event.

Destination Port

Displays the destination port of the event.

Source Port

Displays the source port of the event.

Description

Displays the description of the log.

Source Zone Name

Displays the name of log source zone.

Host name

Displays the host name in the log.

Action

Displays the action taken on the communication (permitted or blocked).

Interface Name

Displays the name of the interface.

Domain

Displays the network or subnetwork to which the device belongs.

Table 2: Security Intelligence—Widgets on the Chart View Page

Field

Description

Top Compromised Hosts

Displays the list of the top compromised hosts based on their associated threat level and blocked status.

Top C&C Servers

Displays a color-coded map displaying the location of Command and Control servers. Click a location on the map to view the number of detected sources.

Related Documentation