Threat logs display entries when traffic matches one of the Security Profiles attached to a security rule on the firewall. Each entry includes the following information: date and time; type of threat (such as virus or spyware); threat description or URL (Name column); source and destination zones, addresses, and ports; application name; alarm action (such as allow or block); and severity level.
To see more details on an individual Threat log entry:
- Click the detail (magnifying glass) icon beside the threat entry. The detailed view shows, among other things, whether the entry aggregates multiple threats of the same type between the same source and destination; when it does, the Count column value is greater than one.
The following table summarizes the Threat severity levels:

- Critical: Serious threats, such as those that affect default installations of widely deployed software, result in root compromise of servers, and for which exploit code is widely available to attackers. The attacker usually does not need special authentication credentials or knowledge about the individual victims, and the target does not need to be manipulated into performing any special functions.
- High: Threats that have the ability to become critical but have mitigating factors; for example, they may be difficult to exploit, do not result in elevated privileges, or do not have a large victim pool. WildFire Submissions log entries with a malicious verdict and an action set to allow are logged as High.
- Medium: Minor threats in which impact is minimized, such as DoS attacks that do not compromise the target or exploits that require an attacker to reside on the same LAN as the victim, affect only non-standard configurations or obscure applications, or provide very limited access.
- Low: Warning-level threats that have very little impact on an organization's infrastructure. They usually require local or physical system access and may result in privacy issues, DoS, or information leakage.
- Informational: Suspicious events that do not pose an immediate threat but are reported to call attention to deeper problems that could exist.
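The entries above are what the firewall shows in its own log viewer; in practice you also want to triage them outside the UI, for example from an exported or forwarded copy of the log. The script below is an added example, not code from the page or from the vendor. It parses a constructed, simplified CSV export that uses the columns named above (the header layout and the `BLOCKING_ACTIONS` set are assumptions for the example, not the firewall's real field order), collapses repeated hits of one threat between the same source and destination into a single record with a summed count (the behaviour the Count column reflects), and then lists the entries at or above a chosen severity whose action did not stop the session, with the malicious-verdict-but-allowed WildFire case surfacing as High exactly as the table describes.

```python
import csv
import io
from collections import Counter

# Severity levels as the page defines them, highest first. The numeric ranks
# are a convention for this example, not something the firewall emits.
SEVERITY_RANK = {"critical": 5, "high": 4, "medium": 3, "low": 2, "informational": 1}

# Actions that actually stop the matching session. This set is an assumption for
# the example. "allow" and "alert" only log, so a serious threat carrying one of
# those actions reached its target and needs a human to look at it.
BLOCKING_ACTIONS = {"drop", "reset-client", "reset-server", "reset-both"}

# Constructed sample export. The header is a simplified layout using the column
# names the page lists; it is NOT the firewall's real CSV/syslog field order.
# Threat names are made up and addresses use RFC 5737 documentation ranges.
SAMPLE_EXPORT = """\
receive_time,type,name,src_zone,dst_zone,src_ip,dst_ip,src_port,dst_port,app,action,severity,count
2024/03/01 10:00:01,vulnerability,Example Exploit Attempt,untrust,dmz,203.0.113.10,192.0.2.20,51234,443,web-browsing,reset-both,critical,1
2024/03/01 10:00:02,vulnerability,Example Exploit Attempt,untrust,dmz,203.0.113.10,192.0.2.20,51235,443,web-browsing,reset-both,critical,2
2024/03/01 10:01:15,wildfire,Example Malicious Verdict,trust,untrust,10.1.1.5,198.51.100.7,40000,443,ssl,allow,high,1
2024/03/01 10:02:30,spyware,Example Beacon Signature,trust,untrust,10.1.1.9,198.51.100.9,40100,80,web-browsing,alert,medium,3
2024/03/01 10:03:00,vulnerability,Example Local Weakness,trust,trust,10.1.1.5,10.1.1.6,50001,445,smb,allow,low,1
2024/03/01 10:04:00,scan,Example Host Sweep,untrust,dmz,203.0.113.50,192.0.2.21,0,0,not-applicable,alert,informational,40
"""


def severity_rank(severity):
    """Map a severity string to its rank. Unknown values raise instead of being
    silently ranked as harmless, so a mis-parsed export is noticed."""
    try:
        return SEVERITY_RANK[severity.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown threat severity: {severity!r}") from None


def parse_threat_log(text):
    """Parse the CSV export into dicts, normalising action/severity and
    converting count to an int."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        row["severity"] = row["severity"].strip().lower()
        severity_rank(row["severity"])  # fail fast on garbage
        row["action"] = row["action"].strip().lower()
        row["count"] = int(row["count"])
        entries.append(row)
    return entries


def aggregate(entries):
    """Collapse repeated hits of the same threat between the same source and
    destination into one record with a summed count, keeping the latest time.
    This mirrors what the Count column expresses in the log viewer."""
    merged = {}
    for e in entries:
        key = (e["type"], e["name"], e["src_ip"], e["dst_ip"])
        if key in merged:
            merged[key]["count"] += e["count"]
            merged[key]["receive_time"] = max(merged[key]["receive_time"], e["receive_time"])
        else:
            merged[key] = dict(e)
    return list(merged.values())


def unmitigated(entries, min_severity="high"):
    """Entries at or above min_severity whose action did not stop the session,
    ordered by severity then by count, highest first."""
    floor = severity_rank(min_severity)
    hits = [e for e in entries
            if severity_rank(e["severity"]) >= floor
            and e["action"] not in BLOCKING_ACTIONS]
    return sorted(hits, key=lambda e: (-severity_rank(e["severity"]), -e["count"]))


def severity_histogram(entries):
    """Number of (aggregated) entries per severity level."""
    return Counter(e["severity"] for e in entries)


if __name__ == "__main__":
    entries = aggregate(parse_threat_log(SAMPLE_EXPORT))
    print(dict(severity_histogram(entries)))
    for e in unmitigated(entries, "medium"):
        print(f'{e["severity"]:<13} count={e["count"]:<3} {e["action"]:<6} '
              f'{e["src_ip"]} -> {e["dst_ip"]}  {e["name"]}')
```

On the constructed sample the two Critical hits from 203.0.113.10 merge into one record with count 3, and because the action was reset-both they do not appear in the unmitigated list; the High WildFire entry with action allow does, which is the case the table calls out. Treating an unrecognised severity as an error rather than as Informational is deliberate: a parser that quietly downgrades what it cannot classify hides exactly the rows you most need to see.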