Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Report Types

    • Incident List: This report displays a list of every incident that occurred between the two given dates. Details for each incident include the type, complexity, count of occurrences, name of the hacker profile associated with the incident, location of the hacker and the first and last date of occurrence of that incident. The report can be narrowed to include only selected profiles, incident types, countries, a single application, and/or a specified number of incidents by altering the specific options for this report.

    Figure 1: Incident List

    Incident List
    • Incidents with Requests and Responses by IP: This report lists the incidents for a given IP and date range. Details for each incident include: date of the first occurrence, the user agent string, the request content, the response content, the incident type, and the count of occurrences.
    • Incidents with Requests and Responses by Profile: This report lists the incidents for a given profile name and date range. Details for each incident include: date of the first occurrence, the user agent string, the request content, the response content, the incident type, and the count of occurrences.
    • Incidents by Type: This report lists the incidents that have occurred within a given date range. Details displayed include: the type of each incident that has occurred and the count for that particular type.
    • Incident by Type for IP: This report displays a list of incidents created between the given dates for a given IP Address. Details on the report include: the name of the incident type and the count of the number of incident occurrences of that type.
    • Scorecard: The scorecard report displays a summary of activity on the protected site. The executive summary at the top of the page displays the total number of attackers detected, the number of attackers that have been blocked, and the number of incidents detected for three time periods. These time periods are: from the beginning of the appliance to the current date, the last month from the first of the month through the last of the month, and the last complete week starting from Sunday through Saturday. Below the executive summary section are four graphs that break out the top five incident types, the top five hackers by volume, the top five countries by volume, and the activity of the previous week broken out by day of the week.

      Figure 2: Executive Summary

      Executive Summary

      Figure 3: Incident Types

      Incident Types

      Figure 4: Incident Volume by Hacker

      Incident Volume by Hacker

      Figure 5: Incident Source Countries

      Incident Source Countries

      Figure 6: Last Week’s Incident Activity

      Last Week’s Incident Activity

      Below the four graphs is the weekly report section, which lists the counts of incidents broken out by threat level and totaled. It also includes counts of the number of hackers who were blocked, the number who were countered with a non blocking response (such as a slowed connection or a warning), the number of hackers that were not responded to (because they were not deemed a high enough threat), and the total number of hackers. This report is only available in PDF format.

      Figure 7: Weekly Report

      Weekly Report
    • Top IP Addresses: The Top IP Addresses report contains up to five graphs, one for each complexity level, that break down the IP addresses that have caused the most incidents. If there were no incidents of a given complexity then there will not be a graph for that complexity. This report is only available in PDF format.
    • Top Incident Types: The Top Incident Types report contains a list of the top N incident types over the specified time period, ordered by number of occurrences. Included on the list is supplementary detail such as the number of countries, profiles, and IP addresses related to the type of incident.

      Figure 8: Top Incident Types

      Top Incident Types

      Following the list is a set of graphs each on their own page. Each graph is specific to one type of incident on the list and shows the distribution of those incident occurrences over the selected time period. The time period is shown on the horizontal axis. The count of occurrences of each type of incident are shown on the vertical axis scaled logarithmically.

      The report can be narrowed to include a specified number of types of incidents or only a selected set of incidents. It can also be narrowed to only contain data from a specific application. This report is only available in PDF format.

    • Top Locations: This report contains a list of the top N locations ordered by the number of incidents that originated from each location and timezone during the specified time interval. Included on the list is supplementary information including the number of High, Medium, Low, and Indicator level incidents from each location.

      Figure 9: Top Locations

      Top Locations

      Following the list is a set of graphs each on their own page. Each graph is specific to one country on the list and shows the distribution of each incident level over the selected time period. The horizontal axis shows the time period. The count of occurrences of incidents from a specific country are shown on the vertical axis scaled logarithmically. This report is only available in PDF format.

      Figure 10: Country Counts Over Time

      Country Counts Over Time
     

    Related Documentation

     

    Published: 2014-06-27

    Previous Page Next Page