|
|
The Attack Reports section includes reports that show details of attacks that have been identified by the firewall. These reports help in identifying the top attackers, the top targets for the attacks and other details like protocol used, the priority of the attack and the status of the attack.
The Show bar lets you choose the level of detail in
the reports. By default, the top five values are shown. To show more than
ten values, the report uses only tables. Click on the 
icon to export this report to PDF. Click on the 
icon to export this report to CSV format (comma separated values).
Below each graph click the Hide Table link to hide the
table. Click the Show Table link to see the table again.
The Top Attackers report shows the top source IP addresses or host names from which attacks are originating, along with the protocol used for the attack and the number of hits. The Top Targets report shows the top destination IP addresses or host names that have been attacked, along with the protocol used for the attack and the number of hits.
Drill down from these graphs to see the following details:
| Field | Description |
|---|---|
| Attack | The name or id (as defined by the firewall) of the attack that was sent or received |
| Destination/ Host | The destination host or IP address to which the attack was sent/
The host or IP address that sent the attack |
| Severity | The severity level of the attack, as defined by the firewall |
| Hits | The number of times the attack was sent to or received by the same host |
| Subtype | The subtype of the attack, as defined by the firewall |
| Time | The time stamp when the attack was sent or received |
| Status | The status of the attack that was sent or received |
| Message | The attack message generated by the firewall |
The Top Protocols Used By Attacks report shows the top protocols used by each attack. The Top Attacks By Priority report shows the top attacks classified based on priority like Alert, Emergency etc.
Drill down from these graphs to see the following details:
| Field | Description |
|---|---|
| Host | The host or IP address that sent the attack |
| Destination | The destination host or IP address to which the attack was sent |
| Severity/ Protocol | The severity level of the attack, as defined by the firewall/ The protocol used to send the attack |
| Hits | The number of times the attack was sent to or received by the same host |
| Subtype | The subtype of the attack, as defined by the firewall |
| Time | The time stamp when the attack was sent or received |
| Status | The status of the attack that was sent or received |
| Message | The attack message generated by the firewall |
The Top Attacks with Status report shows the status of the Top Attacks (ID or names) based on the number of hits. Drill down from this graph to see the following details:
| Field | Description |
|---|---|
| Attack | The name or id (as defined by the firewall) of the attack that was sent or received |
| Host | The host or IP address that sent the attack file |
| Destination | The destination host or IP address to which the attack file was sent |
| Protocol | The protocol used by the attack to send this attack file |
| Severity | The severity level of the attack, as defined by the firewall |
| Hits | The number of times the attack file was sent to the same host |
| Subtype | The subtype of the attack, as defined by the firewall |
| Time | The time stamp when the attack file was sent |
| Status | The status of the attack that was sent or received |
| Message | The attack message generated by the firewall |
The Top Attacker by unique targets report shows peer to peer attack details. The report lists the hosts from which attacks are originating along with number of unique/distinct destinations (hosts) targeted. Drill down from this graph to see the following details:
| Field | Description |
|---|---|
| Destination | The destination host or IP address to which the attack file was sent |
| Attack | The name or id (as defined by the firewall) of the attack that was sent or received |
| Protocol | The protocol used by the attack to send this attack file |
| Status | The status of the attack that was sent or received |
| Count | No. of times the attack file was sent to the destination. |
| Message | The attack message generated by the firewall |
|
|