See Network Events in TDR

On the Network Events page, you can see details about network threat events identified by Fireboxes on your network. These are the details for network indicators identified for a host. These details include the Raw Message, which is a type of log message with information such as the Firebox interface and the source and destination IP addresses for the connection.

To see network events, you must log in as a user with Operator credentials:

  1. Select System > Network Events.

  1. At the left of an event, click .
    The Raw Message from the Firebox appears.
  2. To close the Raw Message, click .

The Type column shows the type of network event.

| Event Type | Description |
|---|---|
| BlockedSitesByBotnet | Botnet Detection blocked traffic from a suspected botnet site. |
| BlockedSitesByFQDN | The Firebox blocked a connection because it matched an FQDN on the Blocked Sites list. |
| BlockedSitesByIP | The Firebox blocked a connection because it matched an IP address on the Blocked Sites list. |
| DnsQuestionMatch | The DNS proxy denied a DNS query that matched a Query Name configured with the Deny action in the DNS-proxy action. |
| HttpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an HTTP connection. |
| HttpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an HTTP connection. |
| HttpBadReputation | Reputation Enabled Defense blocked an HTTP connection to a site with a bad reputation. |
| HttpRequestCategories | WebBlocker blocked a connection to a site in a blocked content category. |
| HttpVirusFound | Gateway AntiVirus detected a virus in an HTTP connection. |
| SmtpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an SMTP connection. |
| SmtpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an SMTP connection. |
| SmtpVirusFound | Gateway AntiVirus detected a virus in an SMTP connection. |

To make sure that your Firebox sends events to your TDR account, configure policies and services in the Firebox configuration to send a log message for any Block, Drop, or Deny action. For more information, see Configure Proxy Policies for TDR.
