Create Security Events Report Definitions

The Security Events report is a comprehensive document that uses charts and details to outline all security events that occur within your network over a specific period. The report includes information about security-related incidents such as malware infections, phishing attempts, unauthorized access attempts, and other types of security incidents.

The following information in the report provides details about new exploits that are discovered and network-borne attacks blocked:

  • Firewall rules used most often.

  • User roles involved in the network traffic most often.

  • Source and destination IP addresses involved in the network traffic most often.

  • Services allowed access and services denied access most often.

  • Source IP addresses and destination IP addresses denied access by the firewall most often.

  • Firewall events, including the source and destination countries of the firewall events allowed and denied most often.

  • Applications accessed, including the source and destination countries of the websites blocked and the applications that used encryption most often.

  • Viruses detected, including the host servers targeted, the countries from where the viruses originated and the countries that the viruses targeted most often.

  • Viruses detected in real-time through the flow-based antivirus protection, including top host servers targeted, the countries from where the viruses originated and the countries that the viruses targeted most often.

  • Spam detected, including the countries from which the maximum spam originated, and the countries from which IPS-related events originated and to which they were destined most often.

  • SecIntel and AAMW events detected, including the hostnames of servers that security-related threats and malware targeted most often.

Before You Begin

  1. Select Monitor > Reports > Report Definitions.
  2. Click Create, and select Security Events Report.
    The Security Events Report page is displayed.
  3. Complete the configuration according to the guidelines provided in Table 1.
    Table 1: Security Events Report Definition Settings

    | Settings | Guidelines |
    |---|---|
    | General | |
    | Report Name | Enter a name for the report containing a maximum of 64 alphanumeric characters. The name can contain dashes. |
    | Description | Enter a description for the report containing a maximum of 900 characters. |
    | Content | |
    | Time Span | Specify the duration for which the report is generated. You can select a time span of the last 3 to 24 hours or a custom time span. |
    | Number of Top Logs | Enter the number of top events to be displayed. The valid range is 1-10, and the default value is 5. |
    | Schedule | |
    | Report Schedule | Select the type of report schedule to use. Run now: Schedule and publish the configuration at the current time. Schedule at a later time: Schedule and publish the configuration at a later time. |
    | Email Section | |
    | Email Recipients | Enable this option to send the report to specific recipients in an email. Recipients: Enter or select the email addresses of the recipients. You can search email addresses of users by their first name. You can also enter external email addresses. Subject: Enter the subject for the email notification. Comments: Enter the comments for the email notification. Note: The report is not sent to recipients who do not have permissions to access a device or domain included in the report configuration. |

  4. Click OK to save the report definition.

A new Security Events report definition is created and displayed on the Report Definitions page.