You are here: Monitor > Logs > Threats.
Use the monitoring functionality to view security threats. A threat is any IPS, screen, security intelligence, antivirus, content filtering, or antispam event.
The Threats page is available on all SRX Series devices except the SRX5000 line of devices.
Table 1 describes the fields on the Threats page.
Table 1: Fields on the Threats Page
Select the time from the list to view the activity that you are most interested in. Once the time is selected, all of the data presented in your view is refreshed automatically.
You can also use Customize to set a custom date and click Apply to view the specified threats.
Click the refresh icon to get the latest threat information.
Show Hide Columns
This icon is represented by three vertical dots.
Enables you to show or hide a column in the grid.
Export to CSV
You can export the threats data to a comma-separated value (.csv) file.
Select the three vertical dots on the right side of the page and click Export to CSV. The CSV file is downloaded to your local machine. You can download data for a maximum of 100 sessions.
Use the filter text box present above the table grid. The search includes the logical operators as part of the filter string. In the filter text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.
Click X to clear your search filter.
Click Save Filter to save filters after you specify the filtering criteria.
To save a filter:
Displays the saved filters list.
Hover over the saved filter name to view the query expression. You can delete the saved filter using the delete icon.
Displays the time when the threats log was received.
Displays the threats log type, for example, IPS, Antivirus, or Antispam.
Displays the name of the event.
Displays the severity of the threat.
Displays the source zone of the threats.
Displays the source IP address from which the threats log originated.
Displays the port number of the source.
Displays the username for which the threat log is generated.
Displays the destination zone of the threats.
Displays the destination IP address of the threats.
Displays the port number of the destination.
Displays the nested application or application name from which the threats are generated.
Displays the action taken on the threats.
Displays the traffic session ID of the threats.
Displays the reason for the session closure.
Displays the threat profile name.
Displays the threat category.
Displays the accessed URL name that triggered the event.
Displays the object name of the threats.
Displays the interface name of the destination.
Displays the interface name of the source.
Displays the policy name that triggered the threats log.
Displays the rule name of the threats log.
Displays the protocol ID in the threats log.
Displays the Common Vulnerabilities and Exposures (CVE) identifiers information for the threat.
Displays the time elapsed since the last time interval began.
Packet Log ID
Displays the ID of the packets received before and after the attack, for further offline analysis of attacker behavior.
Displays the X-Forwarded-For (XFF) header, which a proxy server adds to packets and which includes the real IP address of the client making the request.
Displays the filename of the threats log.
Displays the arguments that are passed to an event when it is invoked from the threats log.
Displays the name of the source from which the threat originated.
Displays the feed name of the threat detected.
Displays the threat count.
Displays the message type for the threat detected.
Displays the host URL for the threat.