Reports

Monitoring Threats

The Threats Report lets you monitor general statistics and activity reports of current threats to the network. Logging data is analyzed for threat type, source and destination details, and threat frequency information. Statistics are calculated, displayed, and refreshed, providing graphic presentations of the current state of the network. To view the Threats Report, do the following:

  1. Click Threats Report in the bottom right of the Dashboard, or select Monitor>Reports>Threats.

    The Threats Report appears.

  2. Select one of the following tabs:
    • Statistics tab

      Table 129 explains the content of this page.

    • Activities tab

      Table 130 explains the content of this page.

Table 129: Statistics Tab Output in the Threats Report

Field

Description

General Statistics Pane

Threat Category

One of the following categories of threats:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter—Click the Web filter category to display counters for 39 subcategories.
    • Content Filter
  • Firewall Event

Severity

The severity level of the threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Hits in past 24 hours

Number of threats encountered per category in the past 24 hours.

Hits in current hour

Number of threats encountered per category in the last hour.

Threat Counts in the Past 24 Hours

By Severity

Graph representing the number of threats received each hour for the past 24 hours sorted by severity level.

By Category

Graph representing the number of threats received each hour for the past 24 hours sorted by category.

X Axis

Twenty-four hour span with the current hour occupying the right-most column of the display. The graph shifts to the left every hour.

Y Axis

The number of threats encountered. The axis automatically scales based on the number of threats encountered.

Most Recent Threats

Threat Name

Names of the most recent threats. Depending on the threat category, you can click the threat name to go to a scan engine site for a threat description.

Category

Category of each threat:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter
    • Content Filter
  • Firewall Event

Source IP/Port

Source IP address (and port number, if applicable) of the threat.

Destination IP/Port

Destination IP address (and port number, if applicable) of the threat.

Protocol

Protocol name of the threat.

Description

Threat identification based on the category type:

  • Antivirus—URL
  • Web filter—category
  • Content filter—reason
  • Antispam—sender e-mail

Action

Action taken in response to the threat.

Hit Time

The time the threat occurred.

Threat Trend in past 24 hours

Category

Pie chart graphic representing comparative threat counts by category:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter
    • Content Filter
  • Firewall Event

Web Filter Counters Summary

Category

Web filter count broken down by up to 39 subcategories. Clicking on the Web filter listing in the General Statistics pane opens the Web Filter Counters Summary pane.

Hits in past 24 hours

Number of threats per subcategory in the last 24 hours.

Hits in current hour

Number of threats per subcategory in the last hour.

Table 130: Activities Tab Output in the Threats Report

Field

Function

Most Recent Virus Hits

Threat Name

Name of the virus threat. Virus threats can be listed by the service they were detected on (Web, FTP, or e-mail) or by severity level.

Severity

The severity level of each threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP/Port

IP address (and port number, if applicable) of the source of the threat.

Destination IP/Port

IP address (and port number, if applicable) of the destination of the threat.

Protocol

Protocol name of the threat.

Description

Threat identification based on the category type:

  • Antivirus—URL
  • Web filter—category
  • Content filter—reason
  • Antispam—sender e-mail

Action

Action taken in response to the threat.

Last Hit Time

The last time the threat occurred.

Most Recent Spam E-Mail Senders

From e-mail

The e-mail address that was the source of the spam.

Severity

The severity level of the threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP

IP address of the source of the threat.

Action

Action taken in response to the threat.

Last Send Time

The last time that the spam e-mail was sent.

Recently Blocked URL Requests

URL

URL request that was blocked.

Source IP/Port

IP address (and port number, if applicable) of the source.

Destination IP/Port

IP address (and port number, if applicable) of the destination.

Hits in current hour

The number of threats encountered in the last hour.

Most Recent IDP Attacks

Attack

Severity

The severity of each threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP/Port

IP address (and port number, if applicable) of the source.

Destination IP/Port

IP address (and port number, if applicable) of the destination.

Protocol

Protocol name of the threat.

Action

Action taken in response to the threat.

Last Send Time

The last time the IDP threat was sent.

Monitoring Traffic

The Traffic Report lets you monitor network traffic by reviewing reports of flow sessions over the past 24 hours. Logging data is analyzed for connection statistics and for session usage broken down by transport protocol.

To view network traffic in the past 24 hours, select Monitor>Reports>Traffic in the J-Web interface.

Table 131 explains the content of this report.

Table 131: Traffic Report Output

Field

Description

Sessions in Past 24 Hours per Protocol

Protocol Name

Name of the protocol. To see hourly activity by protocol, click the protocol name and review the “Protocol activities chart” in the lower pane.

  • TCP
  • UDP
  • ICMP

Total Session

Total number of sessions for the protocol in the past 24 hours.

Bytes In (KB)

Total number of incoming bytes in KB.

Bytes Out (KB)

Total number of outgoing bytes in KB.

Packets In

Total number of incoming packets.

Packets Out

Total number of outgoing packets.

Most Recently Closed Sessions

Source IP/Port

Source IP address (and port number, if applicable) of the closed session.

Destination IP/Port

Destination IP address (and port number, if applicable) of the closed session.

Protocol

Protocol of the closed session.

  • TCP
  • UDP
  • ICMP

Bytes In (KB)

Total number of incoming bytes in KB.

Bytes Out (KB)

Total number of outgoing bytes in KB.

Packets In

Total number of incoming packets.

Packets Out

Total number of outgoing packets.

Timestamp

The time the session was closed.

Protocol Activities Chart

Bytes In/Out

Graphic representation of traffic as incoming and outgoing bytes per hour. The byte count is for the protocol selected in the Sessions in Past 24 Hours per Protocol pane. Changing the selection causes this chart to refresh immediately.

Packets In/Out

Graphic representation of traffic as incoming and outgoing packets per hour. The packet count is for the protocol selected in the Sessions in Past 24 Hours per Protocol pane. Changing the selection causes this chart to refresh immediately.

Sessions

Graphic representation of traffic as the number of sessions per hour. The session count is for the protocol selected in the Sessions in Past 24 Hours per Protocol pane. Changing the selection causes this chart to refresh immediately.

X Axis

One hour per column for 24 hours.

Y Axis

Byte, packet, or session count.

Protocol Session Chart

Sessions by Protocol

Graphic representation of the traffic as the current session count per protocol. The protocols displayed are TCP, UDP, and ICMP.
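The counters behind both reports are derived from logged events: the Threats Report buckets threat hits into a 24-column hourly graph whose right-most column is the current hour, and the Traffic Report sums closed sessions per transport protocol. The example below is added here to show that derivation on constructed records; it is not J-Web code, and the record layout, the NOW timestamp, and the KB conversion are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not J-Web log output): threat hits and closed sessions.
NOW = datetime(2024, 5, 1, 14, 30)
THREATS = [
    # (timestamp, category, severity)
    (NOW - timedelta(minutes=5),  "IDP", "crit"),
    (NOW - timedelta(minutes=20), "Web Filter", "warning"),
    (NOW - timedelta(hours=3),    "IDP", "alert"),
    (NOW - timedelta(hours=23),   "Antivirus", "crit"),
    (NOW - timedelta(hours=25),   "Antispam", "notice"),   # outside the 24-hour window
]
SESSIONS = [
    # (close time, protocol, bytes_in, bytes_out)
    (NOW - timedelta(minutes=1), "TCP", 20480, 4096),
    (NOW - timedelta(hours=2),   "UDP", 1024, 512),
    (NOW - timedelta(hours=2),   "TCP", 2048, 1024),
]

def hour_bucket(ts, now=NOW):
    """Column index 0..23 of the 24-hour graph; 23 is the current hour (right-most
    column), so every record moves one column left as the clock advances.
    Returns None for records older than the window."""
    floor = lambda d: d.replace(minute=0, second=0, microsecond=0)
    hours_ago = int((floor(now) - floor(ts)).total_seconds() // 3600)
    return 23 - hours_ago if 0 <= hours_ago < 24 else None

def threat_counters(threats, now=NOW):
    """Hits in past 24 hours per category, hits in the current hour per category,
    and the per-hour columns of the By Severity graph."""
    past24, current, by_sev = Counter(), Counter(), defaultdict(lambda: [0] * 24)
    for ts, category, severity in threats:
        col = hour_bucket(ts, now)
        if col is None:
            continue
        past24[category] += 1
        if col == 23:
            current[category] += 1
        by_sev[severity][col] += 1
    return past24, current, dict(by_sev)

def traffic_per_protocol(sessions, now=NOW):
    """Sessions in Past 24 Hours per Protocol: session count and KB in/out (assumed 1 KB = 1024 bytes)."""
    totals = defaultdict(lambda: {"sessions": 0, "kb_in": 0.0, "kb_out": 0.0})
    for ts, proto, b_in, b_out in sessions:
        if hour_bucket(ts, now) is None:
            continue
        totals[proto]["sessions"] += 1
        totals[proto]["kb_in"] += b_in / 1024
        totals[proto]["kb_out"] += b_out / 1024
    return dict(totals)
```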