Threats Monitoring Report

Purpose

Use the Threats Report to monitor general statistics and activity reports of current threats to the network. You can analyze logging data for threat type, source and destination details, and threat frequency information. The report calculates, displays, and refreshes the statistics, providing graphic presentations of the current state of the network.

Action

To view the Threats Report:

  1. Click Threats Report in the bottom right of the Dashboard, or select Monitor>Reports>Threats. The Threats Report appears.
  2. Select one of the following tabs:
    • Statistics tab. See Table 183 for a description of the page content.
    • Activities tab. See Table 184 for a description of the page content.

Table 183: Statistics Tab Output in the Threats Report

Field

Description

General Statistics Pane

Threat Category

One of the following categories of threats:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter—Click the Web Filter category to display counters for 39 subcategories.
    • Content Filter
  • Firewall Event

Severity

Severity level of the threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Hits in past 24 hours

Number of threats encountered per category in the past 24 hours.

Hits in current hour

Number of threats encountered per category in the last hour.

Threat Counts in the Past 24 Hours

By Severity

Graph representing the number of threats received each hour for the past 24 hours sorted by severity level.

By Category

Graph representing the number of threats received each hour for the past 24 hours sorted by category.

X Axis

Twenty-four hour span with the current hour occupying the right-most column of the display. The graph shifts to the left every hour.

Y Axis

Number of threats encountered. The axis automatically scales based on the number of threats encountered.

Most Recent Threats

Threat Name

Names of the most recent threats. Depending on the threat category, you can click the threat name to go to a scan engine site for a threat description.

Category

Category of each threat:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter
    • Content Filter
  • Firewall Event

Source IP/Port

Source IP address (and port number, if applicable) of the threat.

Destination IP/Port

Destination IP address (and port number, if applicable) of the threat.

Protocol

Protocol name of the threat.

Description

Threat identification based on the category type:

  • Antivirus—URL
  • Web filter—category
  • Content filter—reason
  • Antispam—sender e-mail

Action

Action taken in response to the threat.

Hit Time

Time the threat occurred.

Threat Trend in past 24 hours

Category

Pie chart graphic representing comparative threat counts by category:

  • Traffic
  • IDP
  • Content Security
    • Antivirus
    • Antispam
    • Web Filter
    • Content Filter
  • Firewall Event

Web Filter Counters Summary

Category

Web filter count broken down by up to 39 subcategories. Clicking the Web Filter listing in the General Statistics pane opens the Web Filter Counters Summary pane.

Hits in past 24 hours

Number of threats per subcategory in the last 24 hours.

Hits in current hour

Number of threats per subcategory in the last hour.
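
To cross-check the Statistics tab against exported log data, the per-category counters and the 24 hourly graph columns described in Table 183 can be recomputed offline. The following is an added example, not Juniper code: the event tuple layout, the sample events, and the function names are constructed for illustration, and it assumes that columns are aligned to clock hours with the current (partial) hour as the right-most column.

```python
from collections import Counter
from datetime import datetime, timedelta

SEVERITIES = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events (hit time, category, severity); not real device output.
EVENTS = [
    ("2024-05-01 14:59:59", "IDP", "crit"),            # just older than the 24 columns
    ("2024-05-01 15:00:00", "Web Filter", "warning"),  # oldest (left-most) column
    ("2024-05-02 09:12:41", "IDP", "crit"),
    ("2024-05-02 13:58:03", "Antivirus", "alert"),
    ("2024-05-02 14:01:10", "IDP", "alert"),           # current hour
    ("2024-05-02 14:19:55", "Antispam", "notice"),     # current hour
]

def hour_floor(ts):
    """Truncate a timestamp to the start of its clock hour."""
    return ts.replace(minute=0, second=0, microsecond=0)

def threat_stats(events, now):
    """Rebuild the per-category counters and the 24 hourly graph columns."""
    current = hour_floor(now)
    stats = {
        "hits_24h": Counter(),
        "hits_current_hour": Counter(),
        "by_severity": [Counter() for _ in range(24)],  # index 23 = current hour
        "by_category": [Counter() for _ in range(24)],
    }
    for stamp, category, severity in events:
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity: {severity!r}")
        # Whole clock hours between the event's column and the current column.
        age = (current - hour_floor(datetime.strptime(stamp, FMT))) // timedelta(hours=1)
        if not 0 <= age <= 23:
            continue  # aged out of the left-most column, or stamped in a future hour
        col = 23 - age
        stats["by_severity"][col][severity] += 1
        stats["by_category"][col][category] += 1
        stats["hits_24h"][category] += 1
        if age == 0:
            stats["hits_current_hour"][category] += 1
    return stats

if __name__ == "__main__":
    result = threat_stats(EVENTS, datetime(2024, 5, 2, 14, 20, 0))
    for name in sorted(result["hits_24h"]):
        print(name, result["hits_24h"][name], result["hits_current_hour"][name])
```

A mismatch between these recomputed totals and the report is a prompt to check log export completeness and clock synchronization before relying on either number.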

Table 184: Activities Tab Output in the Threats Report

Field

Function

Most Recent Virus Hits

Threat Name

Name of the virus threat. Viruses can be based on services, like Web, FTP, or e-mail, or based on severity level.

Severity

Severity level of each threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP/Port

IP address (and port number, if applicable) of the source of the threat.

Destination IP/Port

IP address (and port number, if applicable) of the destination of the threat.

Protocol

Protocol name of the threat.

Description

Threat identification based on the category type:

  • Antivirus—URL
  • Web filter—category
  • Content filter—reason
  • Antispam—sender e-mail

Action

Action taken in response to the threat.

Last Hit Time

Last time the threat occurred.

Most Recent Spam E-Mail Senders

From e-mail

E-mail address that was the source of the spam.

Severity

Severity level of the threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP

IP address of the source of the threat.

Action

Action taken in response to the threat.

Last Send Time

Last time that the spam e-mail was sent.

Recently Blocked URL Requests

URL

URL request that was blocked.

Source IP/Port

IP address (and port number, if applicable) of the source.

Destination IP/Port

IP address (and port number, if applicable) of the destination.

Hits in current hour

Number of threats encountered in the last hour.

Most Recent IDP Attacks

Attack

Severity

Severity of each threat:

  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug

Source IP/Port

IP address (and port number, if applicable) of the source.

Destination IP/Port

IP address (and port number, if applicable) of the destination.

Protocol

Protocol name of the threat.

Action

Action taken in response to the threat.

Last Send Time

Last time the IDP threat was sent.
