Difference between revisions of "Security Events"
(Created page with "== Summary == The Summary tab displays some quick statistics for recent and trend data. ==== Charts & Tables ==== Clicking on any IP address, rule number or country code will...") |
|||
| Line 22: | Line 22: | ||
== Search == | == Search == | ||
Clicking on the search tab will open the [[Security Events Search]] window.<br /><br /> | Clicking on the search tab will open the [[Security Events Search]] window.<br /><br /> | ||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 11:01, 9 October 2014
Contents |
Summary
The Summary tab displays some quick statistics for recent and trend data.
Charts & Tables
Clicking on any IP address, rule number or country code will open a detailed report.
- Last 12 Months Totals by Month
Total counts of alerts (red) and events (green) per month within the last 12 months.
- Last 12 Months Top Events
Top rules which have been triggered within the last 12 months. Rule IDs on the left side may be clicked to view a detailed report.
- Last 12 Months Top Sources
Top Source IP addresses which have triggered rules within the last 12 months. IP Address on the left side may be clicked to view a detailed report.
- Top Countries
Top country sources of events within the last month. Countries in the legend may be clicked to view a detailed report.
- Top Events Today
This table displays the rules which have been triggered most often in the past day.
The list may be filtered with the level selection drop-down in the upper right corner of the table.
Only counts for rules at or above the selected level will be displayed.
- Top Attackers this Week
This table displays the IP addresses that have generated the most WAF events during the past seven days.
For each IP source, the most frequently triggered rules will be listed.
Recent Events
The Recent Events tab displays the most recent events as they occur. The list may be filtered by minimum level, and by hiding/showing WAF and HIDS events.
next to the Source IP address indicates that the source was blocked at the time of this event.
Specific events may be permanently hidden from the recent events window by selecting the checkbox at the left of each row and clicking the 'clear selected' button.
All visible events may be selected and deselected by clicking the button in the table header above the checkboxes.
Clicking on an IP address will open an IP Report window
Clicking on a rule number will open a Rule Report window
Clicking on an event description will open an Event Report window
Search
Clicking on the search tab will open the Security Events Search window.
