Before generating the botnet report, you must specify the types
of traffic that indicate potential botnet activity (see Configuring
the Botnet Report). To schedule a daily report or run it
on demand, click
the following fields. To export a report, select it and
Export to CSV
Botnet Report Settings
Test Run Time Frame
Select the time interval for the report—
Last Calendar Day
manually and immediately generate a report. The report displays
in a new tab within the Botnet Report dialog.
No. of Rows
Specify the number of rows to display in
the report (default is 100).
Select this option to automatically generate
the report daily. By default, this option is enabled.
to the Query Builder to filter the report output by attributes such
as source/destination IP addresses, users, or zones. For example,
if you know that traffic initiated from the IP address 192.0.2.0
contains no potential botnet activity, you can add
not (addr.src in 192.0.2.0)
a query to exclude that host from the report output.
a logical connector (
If you select
, the report will exclude
the hosts that the query specifies.
—Select a zone, address,
or user that is associated with the hosts that the firewall evaluates
for botnet activity.