Botnet Report Settings
- Monitor > Botnet > Report Setting
Before generating the botnet report, you must specify the types of traffic that indicate potential botnet activity (see Configuring the Botnet Report). To schedule a daily report or run it on demand, click Report Setting and complete the following fields. To export a report, select it and Export to PDF, Export to CSV, or Export to XML.
Botnet Report Settings
Test Run Time Frame
Select the time interval for the report—Last 24 Hours (default) or Last Calendar Day.
Click Run Now to manually and immediately generate a report. The report displays in a new tab within the Botnet Report dialog.
No. of Rows
Specify the number of rows to display in the report (default is 100).
Select this option to automatically generate the report daily. By default, this option is enabled.
(Optional)Add queries to the Query Builder to filter the report output by attributes such as source/destination IP addresses, users, or zones. For example, if you know that traffic initiated from the IP address 192.0.2.0 contains no potential botnet activity, you can add not (addr.src in 192.0.2.0) as a query to exclude that host from the report output.
Configure a Botnet Report
Configure a Botnet Report You can schedule a botnet report or run it on demand. The firewall generates scheduled botnet reports every 24 hours because ...
Monitor > Botnet
Monitor > Botnet The botnet report enables you to use behavior-based mechanisms to identify potential malware- and botnet-infected hosts in your network. The report assigns ...
Generate Custom Reports
Generate Custom Reports You can configure custom reports that the firewall generates immediately (on demand) or on schedule (each night). To understand the selections available ...
Monitor > Manage Custom Reports
Monitor > Manage Custom Reports You can create custom reports to run on demand or on schedule (each night). For predefined reports, select Monitor Reports ...
Configuring the Botnet Report
Botnet Configuration Settings Monitor > Botnet > Configuration To specify the types of traffic that indicate potential botnet activity, click Configuration on the right side ...
Report Types The firewall includes predefined reports that you can use as-is, or you can build custom reports that meet your needs for specific data ...
Identify Infected Hosts
Identify Infected Hosts After you have configured DNS sinkholing and verified that traffic to a malicious domain goes to the sinkhole address, you should regularly ...
Monitor > PDF Reports > User Activity Report
Describes how to add a log filter for a User Activity Report or Group Activity Report. ...
Generate Botnet Reports
Generate Botnet Reports The botnet report enables you to use heuristic and behavior-based mechanisms to identify potential malware- or botnet-infected hosts in your network. To ...