Security Events

From Atomicorp Wiki
Revision as of 11:01, 9 October 2014 by Scott

Summary

The Summary tab displays some quick statistics for recent and trend data.

Charts & Tables

Clicking on any IP address, rule number or country code will open a detailed report.

  • Last 12 Months Totals by Month
    Total counts of alerts (red) and events (green) per month within the last 12 months.

  • Last 12 Months Top Events
    Top rules which have been triggered within the last 12 months. Rule IDs on the left side may be clicked to view a detailed report.

  • Last 12 Months Top Sources
    Top source IP addresses which have triggered rules within the last 12 months. IP addresses on the left side may be clicked to view a detailed report.

  • Top Countries
    Top country sources of events within the last month. Countries in the legend may be clicked to view a detailed report.

  • Top Events Today
    This table displays the rules which have been triggered most often in the past day.
    The list may be filtered with the level selection drop-down in the upper right corner of the table.
    Only counts for rules at or above the selected level will be displayed.

  • Top Attackers this Week
    This table displays the IP addresses that have generated the most WAF events during the past seven days.
    For each IP source, the most frequently triggered rules will be listed.

Recent Events

The Recent Events tab displays the most recent events as they occur. The list may be filtered by minimum level, and by hiding/showing WAF and HIDS events.

The blocked icon (Event blocked.png) next to the Source IP address indicates that the source was blocked at the time of this event.

Specific events may be permanently hidden from the recent events window by selecting the checkbox at the left of each row and clicking the 'clear selected' button.

All visible events may be selected and deselected by clicking the button in the table header above the checkboxes.

Clicking on an IP address will open an IP Report window.
Clicking on a rule number will open a Rule Report window.
Clicking on an event description will open an Event Report window.

Search

Clicking on the search tab will open the Security Events Search window.
