Monitoring Threats

The Threats Report lets you monitor general statistics and activity reports of current threats to the network. Logging data is analyzed for threat type, source and destination details, and threat frequency information. Statistics are calculated, displayed, and refreshed, providing graphic presentations of the current state of the network. To view the Threats Report, do the following:

  1. Click Threats Report in the bottom right of the Dashboard, or select Monitor>Reports>Threats.

    The Threats Report appears.

  2. Select one of the following tabs:
    • Statistics tab

      Table 167 explains the content of this page.

    • Activities tab

      Table 168 explains the content of this page.

Table 167: Statistics Tab Output in the Threats Report

Field

Description

General Statistics Pane

Threat Category

One of the following categories of threats:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter—Click the Web filter category to display counters for 39 subcategories.
    • Content Filter
  • Firewall Event

Severity

The severity level of the threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Hits in past 24 hours

Number of threats encountered per category in the past 24 hours.

Hits in current hour

Number of threats encountered per category in the last hour.

Threat Counts in the Past 24 Hours

By Severity

Graph representing the number of threats received each hour for the past 24 hours, broken down by severity level.

By Category

Graph representing the number of threats received each hour for the past 24 hours, broken down by category.

X Axis

Twenty-four-hour span with the current hour occupying the right-most column of the display. The graph shifts one column to the left every hour, so the oldest hour drops off.

Y Axis

The number of threats encountered. The axis automatically scales based on the number of threats encountered.

Most Recent Threats

Threat Name

Names of the most recent threats. Depending on the threat category, you can click the threat name to go to a scan engine site for a threat description.

Category

Category of each threat:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter
    • Content Filter
  • Firewall Event

Source IP/Port

Source IP address (and port number, if applicable) of the threat.

Destination IP/Port

Destination IP address (and port number, if applicable) of the threat.

Description

Threat identification based on the category type:

  • Antivirus—URL
  • Web filter—category
  • Content filter—reason
  • Antispam—sender e-mail

Action

Action taken in response to the threat.

Hit Time

The time the threat occurred.

Threat Trend in past 24 hours

Category

Pie chart graphic representing comparative threat counts by category:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter
    • Content Filter
  • Firewall Event

Web Filter Counters Summary

Category

Web filter count broken down by up to 39 subcategories. Clicking on the Web filter listing in the General Statistics pane opens the Web Filter Counters Summary pane.

Hits in past 24 hours

Number of threats per subcategory in the last 24 hours.

Hits in current hour

Number of threats per subcategory in the last hour.
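
As an added illustration, not part of the original documentation, the following Python shows how the Statistics tab counters and graphs described above can be derived from raw threat records: hits per category in the past 24 hours (a trailing window), hits in the current hour, and the 24 clock-hour buckets with the current hour in the right-most column. The record layout, timestamps and category names are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Severity levels in the order the Threats Report lists them (syslog-style, most severe first).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample records, not real device output: (timestamp, category, severity).
NOW = datetime(2024, 5, 1, 13, 20)
RECORDS = [
    (NOW - timedelta(minutes=5),           "IDP",            "crit"),
    (NOW - timedelta(minutes=15),          "Antivirus",      "alert"),
    (NOW - timedelta(hours=1, minutes=10), "IDP",            "warning"),
    (NOW - timedelta(hours=3),             "Web Filter",     "notice"),
    (NOW - timedelta(hours=22),            "Firewall Event", "info"),
    (NOW - timedelta(hours=25),            "IDP",            "err"),  # older than 24 h: ignored
]

def hits_in_window(records, now, window):
    """Hits per category for records with now - window < ts <= now (trailing window)."""
    start = now - window
    return Counter(cat for ts, cat, _ in records if start < ts <= now)

def hits_past_24h(records, now):
    return hits_in_window(records, now, timedelta(hours=24))

def hits_current_hour(records, now):
    return hits_in_window(records, now, timedelta(hours=1))

def _hour_floor(ts):
    return ts.replace(minute=0, second=0, microsecond=0)

def hourly_counts(records, now, key="severity"):
    """24 clock-hour buckets, oldest first, so the current hour is the right-most column.
    key selects the per-bucket breakdown: "category" or "severity"."""
    idx = {"category": 1, "severity": 2}[key]
    current = _hour_floor(now)
    buckets = [Counter() for _ in range(24)]
    for rec in records:
        age_hours = int((current - _hour_floor(rec[0])).total_seconds() // 3600)
        if 0 <= age_hours < 24:  # hours outside the 24-column span have shifted off the graph
            buckets[23 - age_hours][rec[idx]] += 1
    return buckets

def y_axis_max(buckets):
    """Auto-scaled Y axis: the busiest hour's total, as the report's graph does."""
    return max(sum(b.values()) for b in buckets)

def sorted_by_severity(counter):
    """Order a bucket's severity breakdown most-severe first, as the report lists them."""
    return sorted(counter.items(), key=lambda kv: SEVERITIES.index(kv[0]))

if __name__ == "__main__":
    print("past 24h:", dict(hits_past_24h(RECORDS, NOW)))
    print("current hour:", dict(hits_current_hour(RECORDS, NOW)))
    print("right-most column:", sorted_by_severity(hourly_counts(RECORDS, NOW)[23]))
```

Note that the 24-hour counter uses a trailing window while the graph uses clock-hour columns, so a record can count toward one and not the other near the window edge.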

Table 168: Activities Tab Output in the Threats Report

Field

Function

Most Recent Virus Hits

Threat Name

Name of the virus threat. Viruses can be categorized by service (such as Web, FTP, or e-mail) or by severity level.

Severity

The severity level of each threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP/Port

IP address (and port number, if applicable) of the source of the threat.

Destination IP/Port

IP address (and port number, if applicable) of the destination of the threat.

Protocol

Protocol name of the threat.

Description

Threat identification based on the category type:

  • Antivirus—URL
  • Web filter—category
  • Content filter—reason
  • Antispam—sender e-mail

Action

Action taken in response to the threat.

Last Hit Time

The last time the threat occurred.

Most Recent Spam E-Mail Senders

From e-mail

The e-mail address that was the source of the spam.

Severity

The severity level of the threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP

IP address of the source of the threat.

Action

Action taken in response to the threat.

Last Send Time

The last time that the spam e-mail was sent.

Recently Blocked URL Requests

URL

URL request that was blocked.

Source IP/Port

IP address (and port number, if applicable) of the source.

Destination IP/Port

IP address (and port number, if applicable) of the destination.

Hits in current hour

The number of threats encountered in the last hour.

Most Recent IDP Attacks

Attack

Severity

The severity of each threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP/Port

IP address (and port number, if applicable) of the source.

Destination IP/Port

IP address (and port number, if applicable) of the destination.

Protocol

Protocol name of the threat.

Action

Action taken in response to the threat.

Last Send Time

The last time the IDP threat was sent.