
Threat Map Overview

The threat map provides a visualization of the geographic regions for incoming and outgoing traffic. You can view blocked and allowed threat events based on feeds from IPS, antivirus, antispam engines, and screen attempts.

Clicking a specific geographical location displays an event count for each attack object. This event count view is useful for viewing unusual activity that could indicate a possible attack.

You can view the color-coded threats at the top of the page. You can also get a quick view of:

  • The total number of threats blocked and allowed
  • The individual count of threats blocked and allowed for each event
  • The top targeted devices
  • The top destination countries
  • The top source countries

Clicking a threat displays the Threats page. The data on the Threats page is filtered based on the threat you clicked. For example, if you click the threat count of the IPS threats, the filtered results display only the IPS threat logs.

You can click any individual source or destination point on the threat map to review information about the threat events. The information includes the number of threat events, the type of threats, the time of events, the source IP address, and the destination IP address. You can also perform further analysis of the attack by clicking the attack type and viewing the filtered list of events from the Event Viewer.

You can click a country on the threat map to display the respective country page. The page shows the total number of threat events since midnight, followed by the inbound and outbound threat events. The threat map lists the top five inbound and outbound IP addresses, but you can also view all IP addresses.

Click View Details to see more details for the country on the right panel. In addition, you can view the total number of inbound and outbound threats for each event.

Note:

Threats with unknown geographical IP addresses are displayed as undefined.
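The counts described above (total blocked and allowed, per-feed counts, top targeted devices, top source and destination countries, the per-country inbound/outbound view since midnight, and the undefined bucket for addresses without geolocation) can be reproduced from raw events. The following is an added illustration, not code from the product or its documentation; the event field names, the constructed sample events (RFC 5737 documentation addresses), and the choice to rank inbound traffic by source IP and outbound traffic by destination IP are all assumptions made for this example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

UNDEFINED = "undefined"  # bucket for addresses with no geolocation, as on the map


@dataclass(frozen=True)
class ThreatEvent:
    """One event from the threat feeds. Field names are assumptions for this
    example, not the product's log schema."""
    ts: datetime
    feed: str                    # "IPS", "Virus", "Spam", "Screen" or "DeviceAuth"
    source: str                  # source IP address
    destination: str             # destination IP address
    action: str                  # "blocked" or "allowed"
    src_country: Optional[str]   # None when the address cannot be geolocated
    dst_country: Optional[str]
    target_device: str           # firewall that reported the event


def country_label(country: Optional[str]) -> str:
    """Map a missing geolocation to the 'undefined' bucket shown on the map."""
    return country if country else UNDEFINED


def totals_by_action(events: List[ThreatEvent]) -> Dict[str, int]:
    """Total threats blocked and allowed (the top-of-page summary)."""
    c = Counter(e.action for e in events)
    return {"blocked": c["blocked"], "allowed": c["allowed"]}


def counts_per_feed(events: List[ThreatEvent]) -> Dict[str, Dict[str, int]]:
    """Blocked/allowed count for each feed (IPS, antivirus, antispam, screen...)."""
    table: Dict[str, Dict[str, int]] = defaultdict(lambda: {"blocked": 0, "allowed": 0})
    for e in events:
        table[e.feed][e.action] += 1
    return dict(table)


def top_targeted_devices(events: List[ThreatEvent], n: int = 5) -> List[Tuple[str, int]]:
    return Counter(e.target_device for e in events).most_common(n)


def top_destination_countries(events: List[ThreatEvent], n: int = 5) -> List[Tuple[str, int]]:
    return Counter(country_label(e.dst_country) for e in events).most_common(n)


def top_source_countries(events: List[ThreatEvent], n: int = 5) -> List[Tuple[str, int]]:
    return Counter(country_label(e.src_country) for e in events).most_common(n)


def filter_by_feed(events: List[ThreatEvent], feed: str) -> List[ThreatEvent]:
    """Clicking a feed's threat count shows only that feed's logs."""
    return [e for e in events if e.feed == feed]


def country_view(events: List[ThreatEvent], country: str, now: datetime, n: int = 5) -> dict:
    """Country page: events since midnight, split into inbound (destination in
    the country) and outbound (source in the country), with top-n addresses.
    Ranking inbound by source IP and outbound by destination IP is an assumption."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    today = [e for e in events if midnight <= e.ts <= now]
    inbound = [e for e in today if country_label(e.dst_country) == country]
    outbound = [e for e in today if country_label(e.src_country) == country]
    touching = [e for e in today if e in inbound or e in outbound]  # no double count
    return {
        "total": len(touching),
        "inbound": len(inbound),
        "outbound": len(outbound),
        "inbound_by_feed": dict(Counter(e.feed for e in inbound)),
        "outbound_by_feed": dict(Counter(e.feed for e in outbound)),
        "top_inbound_ips": Counter(e.source for e in inbound).most_common(n),
        "top_outbound_ips": Counter(e.destination for e in outbound).most_common(n),
    }


NOW = datetime(2024, 5, 6, 9, 0)  # constructed "current time" for the example


def _ts(hour: int, minute: int, days_ago: int = 0) -> datetime:
    return (NOW - timedelta(days=days_ago)).replace(hour=hour, minute=minute)


# Constructed sample events; the last one is from yesterday and falls outside
# the country page's since-midnight window.
SAMPLE_EVENTS = [
    ThreatEvent(_ts(1, 15), "IPS", "203.0.113.5", "198.51.100.10", "blocked", "US", "DE", "fw-edge-1"),
    ThreatEvent(_ts(2, 40), "IPS", "203.0.113.5", "198.51.100.11", "blocked", "US", "DE", "fw-edge-1"),
    ThreatEvent(_ts(3, 5), "IPS", "192.0.2.7", "198.51.100.10", "allowed", "CN", "DE", "fw-edge-2"),
    ThreatEvent(_ts(4, 20), "Virus", "192.0.2.8", "198.51.100.12", "blocked", "CN", "DE", "fw-edge-1"),
    ThreatEvent(_ts(5, 0), "Spam", "203.0.113.9", "198.51.100.20", "blocked", "US", "FR", "fw-edge-3"),
    ThreatEvent(_ts(6, 30), "Screen", "10.0.0.5", "198.51.100.10", "blocked", None, "DE", "fw-edge-2"),
    ThreatEvent(_ts(7, 45), "Screen", "203.0.113.9", "198.51.100.30", "allowed", "US", "FR", "fw-edge-2"),
    ThreatEvent(_ts(8, 10), "DeviceAuth", "198.51.100.10", "203.0.113.50", "blocked", "DE", "US", "fw-edge-1"),
    ThreatEvent(_ts(23, 50, days_ago=1), "IPS", "192.0.2.7", "198.51.100.10", "blocked", "CN", "DE", "fw-edge-1"),
]

if __name__ == "__main__":
    print("totals:", totals_by_action(SAMPLE_EVENTS))
    print("per feed:", counts_per_feed(SAMPLE_EVENTS))
    print("top source countries:", top_source_countries(SAMPLE_EVENTS))
    print("DE country page:", country_view(SAMPLE_EVENTS, "DE", NOW))
```

The event with a private source address has no geolocation and therefore lands in the undefined bucket, which is why it appears in the top source countries list as "undefined" rather than being dropped; the country page for "undefined" then shows it as outbound traffic, so the unresolvable addresses remain reviewable instead of silently vanishing from the map.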

Table 1 describes different types of threats blocked and allowed.

Table 1: Types of Threats

Attack: IPS Threat Events
Description: Intrusion detection and prevention (IDP) attacks detected by the IDP module. The information reported about the attack includes:
  • The source of the attack
  • The destination of the attack
  • The type of attack
  • The session information
  • The severity
  • The policy information that permitted the traffic
  • The action taken: traffic permitted or dropped

Attack: Spam Events
Description: E-mail spam detected based on a blocklist of spam e-mails. The information reported about the attack includes:
  • The source
  • The action taken: the e-mail is rejected or allowed
  • The reason for identifying the e-mail as spam

Attack: Virus Events
Description: Virus attacks detected by the antivirus engine. The information reported about the attack includes:
  • The source of the infected file
  • The destination
  • The file name
  • The URL used for accessing the file

Attack: Device Authentications
Description: Firewall authentication messages generated by unauthorized attempts to access the network. The reported information contains the reason for the authentication failure and the source of the request.

Attack: Screen
Description: A type of threat detected by the screen feature on SRX Series devices. The information reported about the attack includes:
  • The attack name
  • The action taken
  • The source of the attack
  • The destination of the attack