Monitor Activity and Create Custom Reports Based on Threat Categories
Focus
Focus

Monitor Activity and Create Custom Reports Based on Threat Categories

Table of Contents

Monitor Activity and Create Custom Reports Based on Threat Categories

Threat categories classify different types of threat signatures to help you understand and draw connections between events threat signatures detect. Threat categories are subsets of the more broad threat signature types: spyware, vulnerability, antivirus, and DNS signatures. Threat log entries display the
Threat Category
for each recorded event.
  • Filter Threat logs by threat category.
    1. Select
      Monitor
      Logs
      Threat
      .
    2. Add the Threat Category column so you can view the Threat Category for each log entry:
    3. To filter based on Threat Category:
      • Use the log query builder to add a filter with the
        Attribute
        Threat Category and in the
        Value
        field, enter a Threat Category.
      • Select the Threat Category of any log entry to add that category to the filter:
  • Filter ACC activity by threat category.
    1. Select
      ACC
      and add Threat Category as a global filter:
    2. Select the Threat Category to filter all ACC tabs.
  • Create custom reports based on threat categories to receive information about specific types of threats that the firewall has detected.
    1. Select
      Monitor
      Manage Custom
      reports to add a new custom report or modify an existingone.
    2. Choose the
      Database
      to use as the source for the custom report—in this case, select
      Threat
      from either of the two types of database sources, summary databases and Detailed logs. Summary database data is condensed to allow a faster response time when generating reports. Detailed logs take longer to generate but provide an itemized and complete set of data for each log entry.
    3. In the Query Builder, add a report filter with the Attribute
      Threat Category
      and in the Value field, select a threat category on which to base your report.
    4. To test the new report settings, click
      Run Now
      .
    5. Click
      OK
      to save the report.

Recommended For You