Monitor Activity and Create Custom Reports Based on Threat Categories

Threat categories classify different types of threat signatures to help you understand and draw connections between the events that threat signatures detect. Threat categories are subsets of the broader threat signature types: spyware, vulnerability, antivirus, and DNS signatures. Threat log entries display the Threat Category for each recorded event.
  • Filter Threat logs by threat category.
    1. Select Monitor > Logs > Threat.
    2. Add the Threat Category column so you can view the Threat Category for each log entry.
    3. To filter based on Threat Category:
      • Use the log query builder to add a filter with the Attribute Threat Category and in the Value field, enter a Threat Category.
      • Select the Threat Category of any log entry to add that category to the filter.
  • Filter ACC activity by threat category.
    1. Select ACC and add Threat Category as a global filter.
    2. Select the Threat Category to filter all ACC tabs.
  • Create custom reports based on threat categories to receive information about specific types of threats that the firewall has detected.
    1. Select Monitor > Manage Custom Reports to add a new custom report or modify an existing one.
    2. Choose the Database to use as the source for the custom report. In this case, select Threat from either of the two types of database sources: Summary Databases or Detailed Logs. Summary database data is condensed to allow a faster response time when generating reports. Detailed logs take longer to generate but provide an itemized and complete set of data for each log entry.
    3. In the Query Builder, add a report filter with the Attribute Threat Category and in the Value field, select a threat category on which to base your report.
    4. To test the new report settings, click Run Now.
    5. Click OK to save the report.
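
The same category filter and grouping can be applied offline to an exported copy of the Threat log, which is useful for checking what a custom report should contain. This is an added example, not part of the product documentation: the CSV column names, the sample rows, and the category values are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample standing in for a Threat log CSV export. The column
# names and category values are assumptions; match them to your own export.
SAMPLE_EXPORT = """\
Receive Time,Source address,Threat/Content Name,Severity,Threat Category
2024/01/10 09:00:01,10.0.0.5,Sample Login Guessing Signature,high,brute-force
2024/01/10 09:00:04,10.0.0.5,Sample Login Guessing Signature,high,brute-force
2024/01/10 09:02:17,10.0.0.9,Sample Login Guessing Signature,high,brute-force
2024/01/10 09:05:40,10.0.0.7,Sample Remote Code Signature,critical,code-execution
2024/01/10 09:06:02,10.0.0.7,Sample Unclassified Signature,low,
"""

CATEGORY_COLUMN = "Threat Category"  # assumed header name


def _category(row):
    """Normalise the category cell; blank cells are reported as 'unknown'."""
    return (row.get(CATEGORY_COLUMN) or "").strip().lower() or "unknown"


def category_totals(csv_text):
    """Count log entries per threat category across the whole export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return dict(Counter(_category(row) for row in reader))


def report_by_category(csv_text, category, group_by="Source address"):
    """Filter to one threat category, then count entries per group_by value.

    Returns (value, count) pairs with the busiest value first, similar to
    a report filtered on Threat Category and grouped by one column.
    """
    wanted = category.strip().lower()
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if _category(row) == wanted:
            counts[row[group_by]] += 1
    return counts.most_common()


if __name__ == "__main__":
    print(category_totals(SAMPLE_EXPORT))
    for source, hits in report_by_category(SAMPLE_EXPORT, "brute-force"):
        print(f"{source}\t{hits}")
```
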
