Network Alerts
Network alerts show detected connection attempts to known botnets, attacks against hosts on your network, and harmful websites visited from your network.
To view network alerts (Attacker, Botnet, and URL), go to Network Alerts. You can drill down into the information displayed and apply search filters. You can create a snapshot report in PDF or CSV format for specific types of network alert files. Search filters are applied to the detailed report and are displayed in its Filtering Criteria section.
This page has the following options:
Time Period |
Select the time period from the dropdown list. Select one of the following: 24 Hours, 7 Days, or 4 Weeks. You can select the time period to filter the information displayed in the GUI. This selection is also applied to exported data for the snapshot report. |
Alert Type |
Select Attacker, Botnet, or URL from the dropdown list. You can select the alert type to filter the information displayed in the GUI. This selection is also applied to exported data for the snapshot report. |
Attacker |
Shows attacks against hosts on your network. When selecting Attacker from the dropdown list, the following information is displayed:
All columns include a filter to allow you to sort the entries in ascending or descending order. |
Botnet |
Shows detected connections to known botnets. When selecting Botnet from the dropdown list, the following information is displayed:
The Detected, Name, and Source columns include a filter to allow you to sort the entries in ascending or descending order. |
URL |
Shows suspicious websites visited from your network. When selecting URL from the dropdown list, the following information is displayed:
The Detected, Category, Hostname, URL, Type, and Source columns include a filter to allow you to sort the entries in ascending or descending order.
Tooltip: Certain URL categories are set as Benign by default. To view and change them, go to Scan Policy and Object > Web Category. |
Export Data |
Select to create a PDF or CSV snapshot report. The time needed to generate the report depends on the number of events selected. You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page. |
Refresh |
Click the icon to refresh the log message list. |
Search |
Show or hide the search filter field. |
Add Search Filter |
Click the search filter field to add search filters. Click the close icon in the search filter field to remove the search filter. Search filters can be used to filter the information displayed in the GUI. |
To create a snapshot report for all network alert files:
- Select a time period from the first dropdown list.
- Select Attacker, Botnet, or URL from the second dropdown list.
- Select to apply search filters to further drill down the information in the report.
- Click the Export Data button in the toolbar. The Report Generator window opens.
- Select either PDF or CSV for the report type.
- Click the Generate Report button to create the report.
- When report generation is complete, click the Download button to save the file to your management computer.
- You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.
If the "Delete all traces of jobs of Malicious or Suspicious rating after" option is configured in System > Settings, the network alert records are deleted after the specified time. Otherwise, the record deletion period is 32 days.