Related Topics
About Dimension Reports
WatchGuard Dimension includes predefined reports that are automatically generated from the log message data from your Fireboxes, FireClusters, and WatchGuard servers. Dimension also includes reports that you can select to generate when you configure a report schedule. Not all reports can be included in a report schedule.
Many Dimension reports can be viewed and exported as a .PDF or .CSV file. Some reports include data that you can pivot on to see greater detail in the reports, or can be refined to see per client reports. When you export a report as a .PDF or a .CSV file, the time zone that appears in the file is the local time on the client computer, not UTC time.
When you view a Summary report, if a Detail report is available for that report type, the View Details link is included at the top of the report. You can click the link to open the Detail report.
If Dimension is in Anonymized Mode, you cannot see Detail reports.
For information about where to enable logging for reports in your Firebox configuration, see Where to Enable Logging for Reports.
For information about how to view a report, see View Reports.
For information about how to create a report schedule, see Schedule Reports.
Available Reports for Devices
From any Device or Group page, you can view reports that were automatically generated from the available log message data for the selected Firebox, FireCluster, or group. You can also select many of these reports when you create a report schedule. For more information about the reports you can include in a report schedule, see Schedule Reports.
Executive Summary Report
The Executive Summary Report shows a high level summary of network use and blocked threats for the selected time frame. The report can be downloaded or scheduled for export as a .PDF. The Executive Summary Report includes the Report Types from this list in the report, if there is data available for that report type. To include this report in a schedule, select the Executive Summary Reports report type. You can schedule this report to be sent to a directory or to an email recipient.
You can also view some of the data that is included in the Executive Summary Report in the widgets available on the Executive Dashboard and Security Dashboard pages.
| Report Type | Description |
|---|---|
| Top Zero-Day Malware (APT) |
The top malware that was not identified by APT Blocker until after it passed through the firewall. Includes the threat index, threat ID, content name, threat level, and number of hits. |
| Top Blocked Advanced Malware (APT) | The advanced malware threats that APT Blocker detected and that were blocked. Includes the threat index, threat ID, content name, and number of hits. |
| Top Blocked Malware | The malware that has been blocked on the network by Gateway AntiVirus. Includes the name of the malware and the number of hits. |
| Top Blocked Attacks | The top intrusion attacks that were blocked by the Intrusion Prevention Service (IPS). Includes the name of the attack and the number of hits. |
| Top Clients |
The clients on your network that generate the most traffic. Includes the client name or IP address, number of bytes, and number of hits for traffic through packet filter and proxy policies. |
| Top Domains |
The top web domains in use on your network. Includes the domain name, number of bytes, and number of hits. |
| Top Blocked Botnet Sites | The top botnet sites that clients on your network tried to contact. |
| Top Blocked Botnet Clients | The top clients on your network that tried to contact a botnet site. |
| Top URL Categories |
The top ten categories of Internet activity on your network that WebBlocker identified. Includes the category name and number of hits. |
| Top Applications | The top applications that are in use on your network. Includes the application name, number of bytes, and number of hits. |
| Top Application Categories |
The top categories for application traffic. Includes the application category name, number of bytes, and number of hits. |
| Top Blocked Applications | The top applications that were blocked. Includes the application name and number of hits. |
| Top Blocked Application Categories | The top categories of applications that were blocked. Includes the application category name and number of hits. |
| Top Mobile Devices | The mobile devices on your network that generate the most traffic. Includes the mobile device name, number of bytes, and number of hits. |
Per Client Reports
Per Client reports are divided into two categories: Summary and Detail reports. Summary reports include the top ten results in each report type available as a Summary report, and include a chart and data selection grid for each report. You can export Summary reports as a .PDF file. Detail reports include all results for each report type available as a Detail report. You can export Detail reports as a .CSV file.
You can navigate directly to Per Client reports, or open them from the client report pivots in some of the other reports. For information about which reports include options to view Per Client reports, see the next sections.
When you run a Per Client report, you can specify this criteria:
- User Name
- IP Address
- Host Name
- Device Name (only available if the date range you specify includes log message data for mobile devices)
Criteria for DLP reports
These options are only available if the date range you specify includes log message data for DLP. You can use wildcards when you apply a filter with DLP criteria to Per Client reports.
- Policy Name
- Rule Name
| Report Type | Report Category | Description |
|---|---|---|
| Web Activity Trend | Summary | Hourly trend data for websites visited by clients. |
| Most Popular Domains | Summary | Top websites visited by clients. |
| Application Usage | Summary | Summary report of application usage data for allowed connections. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. |
| Data Loss Violations (DLP) | Summary | All Data Loss Prevention activity and actions on the Firebox. |
| Data Loss Violations (DLP) by Detail | Detail | Data Loss Prevention activity and actions on the Firebox, organized by the detail type. |
| URL Audit Detail | Detail | Detailed report of traffic through the Firebox, organized by URL. Includes the Event Time, Policy, Disposition, Destination, and Path for the traffic. |
| Application Usage by Category | Detail | Application usage data for allowed connections, by category. |
| Web Audit by Category | Summary | Summary report of web traffic by category. |
| Web Audit by Category Detail | Detail | Detailed report of web traffic by category, organized by the category details. |
Traffic
You can view Traffic reports or export them as a .PDF file. Some traffic reports include bandwidth data. For more information about bandwidth data in your reports, see About Bandwidth Reports.
| Report Type | Pivot Name | Pivot Option | Description | Report Schedule Destination |
|---|---|---|---|---|
| Packet Filter Traffic | Activity Trend |
Summary of packet-filter traffic data, organized by the activity. To include this report in a schedule, select the Packet-Filter Summaries > Activity Trend report. |
Email, Directory | |
| Source | Hits, Bandwidth |
Summary of packet-filter traffic data, organized by the host name. To include this report in a schedule, select the Packet-Filter Summaries > Host Summary report. |
Email, Directory | |
| Destination | Hits, Bandwidth | Summary of packet-filter traffic data, organized by the destination address. | ||
| Service | Hits, Bandwidth |
Summary of packet-filter traffic data, organized by the service name. To include this report in a schedule, select the Packet-Filter Summaries > Service Summary report. |
Email, Directory | |
| Session | Hits, Bandwidth |
Summary of packet-filter traffic data, organized by the session. To include this report in a schedule, select the Packet-Filter Summaries > Session Summary report. |
Email, Directory | |
| Proxy Traffic | Activity Trend |
Summary of proxied traffic data, organized by the activity. To include this report in a schedule, select the Proxy Summaries > Activity Trend report. |
Email, Directory | |
| Source | Hits, Bandwidth |
Summary of proxied traffic data, organized by the host name. To include this report in a schedule, select the Proxy Summaries > Host Summary report. |
Email, Directory | |
| Destination | Hits, Bandwidth | Summary of proxied traffic data, organized by the destination address. | ||
| Protocol | Hits, Bandwidth |
Summary of proxied traffic data, organized by the protocol. To include this report in a schedule, select the Proxy Summaries > Proxy Summary report. |
Email, Directory | |
| Session | Hits, Bandwidth |
Summary of proxied traffic data, organized by the session. To include this report in a schedule, select the Proxy Summaries > Session Summary report. |
Email, Directory | |
| External Bandwidth |
Information about the bandwidth/transfer rate for external interfaces. The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes. To include this report in a schedule, select the Firebox Reports > Bandwidth (for External Interfaces and VPN Tunnels report. |
Email, Directory | ||
| Data Transfer Amount | Summary of the bandwidth information on the amount of data through the external interfaces. | |||
| Data Transfer Rate | Summary of the bandwidth information on the rate that the data transferred through the external interfaces. | |||
| VPN Bandwidth |
Includes information on upload and download bandwidth by rate for BOVPN and Mobile VPN tunnels. The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes. To include this report in a schedule, select the Firebox Reports > Bandwidth (for External Interfaces and VPN Tunnels report. |
Email, Directory | ||
| Amount of Data Transferred | Summary of the bandwidth information on the amount of data through the VPN tunnel. | |||
| Rate of Data Transfer | Summary of the bandwidth information on the rate that the data transferred through the VPN tunnel. | |||
| Top Clients | Hits, Bandwidth | Summary of the clients that use the most bandwidth on your network, or have the most hits. You can refine the data in this report to see Per Client Reports data. | ||
| Hosts (Sent & Received) |
Summary of the bandwidth data or hits for the clients based on the host names used to send and receive the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Users (Sent & Received) |
Summary of the bandwidth data or hits for the clients based on the user names used to send and receive the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Mobile Devices (Sent & Received) |
Summary of the bandwidth data or hits for the clients based on the mobile devices used to send and receive the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Hosts (Sent) |
Summary of the bandwidth data or hits for the clients based on the host names used to send the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Users (Sent) |
Summary of the bandwidth data or hits for the clients based on the user names used to send the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Mobile Devices (Sent) |
Summary of the bandwidth data or hits for the clients based on the mobile devices used to send the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Users (Received) |
Summary of the bandwidth data or hits for the clients based on the user names that received the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Hosts (Received) |
Summary of the bandwidth data or hits for the clients based on the host names that received the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory | ||
| Mobile Devices (Received) |
Summary of the bandwidth data or hits for the clients based on the mobile devices that received the traffic. To include this report in a schedule, select one of these reports:
|
Email, Directory |
Web
You can view Web reports or export them as a .PDF file.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| Most Active Clients | Hits |
Summary of the top web traffic for clients and mobile devices, by hits. You can refine the data in this report to see Per Client Reports data. To include this report in a schedule, select the Web Traffic Reports > Most Active Clients report. |
Email, Directory |
| Bytes |
Summary of the top web traffic for clients and mobile devices, by bytes transferred. You can refine the data in this report to see Per Client Reports data. To include this report in a schedule, select the Web Traffic Reports > Most Active Clients report. |
Email, Directory | |
| Most Popular Domains | Hits |
Summary of the top websites visited by clients, by hits. To include this report in a schedule, select the Web Traffic Reports > Most Popular Domains report. |
Email, Directory, ConnectWise |
| Bytes |
Summary of the top websites visited by clients, by bytes transferred. To include this report in a schedule, select the Web Traffic Reports > Most Popular Domains report. |
Email, Directory, ConnectWise | |
| Web Audit | Category |
Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by category. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Category and Client) report. |
Email, Directory |
| Client |
Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by client. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Category and Client) report. |
Email, Directory | |
| Mobile Device |
Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by mobile device. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Mobile Device) report. |
Email, Directory | |
| Web Activity Trend |
Summary of the hourly trend data for web traffic activity. To include this report in a schedule, select the Web Traffic Reports > Activity Trend report. |
Email, Directory | |
| Web Traffic Summary |
Summary of the top websites and top web categories visited by clients. To include this report in a schedule, select the Web Traffic Reports > Web Traffic Summary report. |
Email, Directory |
You can view Mail reports or export them as a .PDF file.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| SMTP | Sender | Summary of the SMTP proxy action records by sender. | |
| Recipient | Summary of the SMTP proxy action records by recipient. | ||
| Server Summary |
Summary of the SMTP server activity (for internal and external email accounts). To include this report in a schedule, select the SMTP Proxy > SMTP Summary (Email and Server) report. |
Email, Directory | |
| POP3 | User |
Summary of the POP3 user activity. To include this report in a schedule, select the POP3 Proxy > POP3 Summary (Email and Server) report. |
Email, Directory |
| Server Summary |
Summary of the POP3 server activity. To include this report in a schedule, select the POP3 Proxy > POP3 Summary (Email and Server) report. |
Email, Directory |
Services
You can view Services reports or export them as a .PDF file.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| Application Usage | Summary |
Summary of application usage data for allowed connections. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. You can refine the data in this report type to see Per Client Reports data in a Top Clients report. To include this report in a schedule, select the Application Control > Application Usage Summary report. To include the Top Clients report in a schedule, select the Client Reports > Top Clients by Application Usage report. |
Email, Directory |
| Top Applications by User | Summary of the applications with the most users, by user name. | ||
| Top Applications by Host | Summary of the applications with the most users, organized by host name. | ||
| Top Applications by Mobile Device | Summary of the applications with the most users, organized by mobile device. | ||
| Top Users by Application | Summary of the users most often blocked by Application Control, organized by application. | ||
| Top Hosts by Application | Summary of the hosts most often blocked by Application Control, organized by application. | ||
| Top Mobile Devices by Application | Summary of the mobile devices most often blocked by Application Control, organized by application. | ||
| Advanced Malware (APT) | Advanced Malware (APT) Summary |
Summary of the malware detected by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Advanced Malware (APT) Summary report. |
Email, Directory |
| Content Name |
Summary of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Content Name report. |
Email, Directory | |
| Activity Trend |
Summary report of a trend of the malware that was detected by APT Blocker. To include this report in a schedule, select the Advanced Malware (APT) Reports > Malware Activity Trend report. |
Email, Directory | |
| Threat ID |
Summary of the malware detected by APT Blocker, organized by the Threat ID. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat ID report. |
Email, Directory | |
| Malicious Activity |
Summary of the malicious activity on your network that was detected by APT Blocker. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Malicious Activity report. |
Email, Directory | |
| MIME Type |
Summary of the MIME types used on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by MIME Type report. |
Email, Directory | |
| Protocol |
Summary of the protocols used for malicious activity on your network that was detected by APT Blocker. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Protocol report. |
Email, Directory | |
| Recipient/Destination |
Summary of the recipient names and destination addresses for malicious activity on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Destination report. |
Email, Directory | |
| Sender/Source |
Summary of the sender names and source addresses for malicious activity on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Source report. |
Email, Directory | |
| Threat Level |
Summary of the threat levels assigned to malicious activity on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat Level report. |
Email, Directory | |
| Botnet Detection | By Client |
Summary report of all the activity on you network related to botnet sites, by client. Summary data shows the top 50 clients that were blocked before they connected to botnet sites. You can click the IP address in the Client column to see the detail report filtered by the selected IP address. To include this report in a schedule, select Botnet Detection > Botnet Detection by Client. |
Email, Directory |
| By Activity Trend |
Summary report of a trend of the sites that were scanned in relation to the number of blocked botnet sites. To include this report in a schedule, select Botnet Detection > Activity Trend. |
Email, Directory |
|
| By Destination |
Summary report of all the activity on you network related to botnet sites, by destination. Summary data shows the top 50 destinations that botnet sites tried to connect to and were blocked. You can click the IP address in the Destination column to see the detail report filtered by the selected IP address. To include this report in a schedule, select Botnet Detection > Botnet Detection by Destination |
Email, Directory | |
| Blocked Botnet Sites |
Summary report of the top 50 blocked botnet sites. You can click the IP address in the Name column to see the detail report filtered by the selected IP address. To include this report in a schedule, select Botnet Detection > Blocked Botnet Site Summary |
Email, Directory | |
| Blocked Applications |
Summary of the applications used on your network that were blocked by Application Control. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. You can refine the data in this report type to see Per Client Reports data. To include this report in a schedule, select the Application Control > Blocked Application Summary report. |
Email, Directory | |
| Top Blocked by User | Summary of the applications that were most blocked, organized by user name. | ||
| Top Blocked by Host | Summary of the applications that were most blocked, organized by host name. | ||
| Top Blocked by Mobile Device | Summary of the applications that were most blocked, organized by mobile device. | ||
| Top Users Blocked | Summary of the user names that were most blocked. | ||
| Top Hosts Blocked | Summary of the host names that were most blocked. | ||
| Top Mobile Devices Blocked | Summary of the mobile devices that were most blocked. | ||
| Blocked Websites | Category |
Summary of the websites blocked by WebBlocker, organized by category. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report. |
Email, Directory, ConnectWise |
| Activity Trend |
Summary report of a trend of the sites that were scanned in relation to the number of blocked websites. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites Activity Trend report. |
||
| Client |
Summary of the websites blocked by WebBlocker, organized by client. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report. |
Email, Directory, ConnectWise | |
| Mobile Device |
Summary of the websites blocked by WebBlocker, organized by mobile device. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Mobile Devices) report. |
Email, Directory, ConnectWise | |
| Data Loss Violations (DLP) | Summary reports of the top 50 hits for Data Loss Prevention activity and actions. Includes allowed and denied violations. | ||
| Rules |
Summary of the denied violations by rule name. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Rules Summary report. |
Email, Directory | |
| Activity Trend |
Summary of the traffic scanned by Data Loss Prevention. Data includes the total number of scans, the allowed violations, denied violations, and quarantined violations. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Activity Trend report. |
Email, Directory | |
| Sender/Source |
Summary of the denied violations by the sender or source address. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Source Summary report. |
Email, Directory | |
| Recipient/Destination |
Summary of the denied violations by the recipient or destination address. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Destination Summary report. |
Email, Directory | |
| Intrusions (IPS) |
Includes the signature name in each of the reports. Includes allowed and denied hits. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Summary report. |
Email, Directory | |
| Activity Trend |
Summary report of a trend of the intrusions on your network. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Activity Trend report. |
Email, Directory | |
| Signatures |
Summary of the IPS actions, organized by signature. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Signature report. |
Email, Directory | |
| Source IP |
Summary of the IPS actions, organized by the IP address where the traffic originated. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Source report. |
||
| Threat Level |
Summary of the IPS actions, organized by the threat level. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Threat Level report. |
||
| Protocol |
Summary of the IPS actions, organized by the protocol used for the traffic. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Protocol report. |
||
| Reputation Enabled Defense | Action |
Summary of all the Reputation Enabled Defense actions for traffic through the device. To include this report in a schedule, select the Reputation Enabled Defense > Reputation Enabled Defense Summary report. |
Email, Directory |
| Activity Trend |
Summary report of a trend of the URLs that were scanned and the URL responses. To include this report in a schedule, select the Reputation Enabled Defense > RED Activity Trend report. |
Email, Directory | |
| spam | spam Level |
Summary of all the spamBlocker categories for mail traffic through the Firebox. Statistics include the message type, the count of email messages in each category, and the percent of email messages that the count represents. To include this report in a schedule, select the spam Summary > spam Summary report. |
Email, Directory |
| Action |
Summary of all the spamBlocker actions for traffic through the Firebox. Statistics include the action type, the count of email messages, and the percent of email messages that the count represents. |
||
| Activity Trend |
Summary report of a trend of the traffic that was scanned by spamBlocker in relation to the amount of spam that was detected. To include this report in a schedule, select the spam Summary > spam Activity Trend report. |
Email, Directory | |
| Virus (GAV) | Virus |
Summary of the Gateway AntiVirus actions, organized by virus name. Includes allowed and denied hits. To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Summary report. |
Email, Directory |
| Activity Trend |
Summary report of a trend of the traffic that was scanned by GAV in relation to the number of viruses detected. To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Activity Trend report. |
Email, Directory | |
| Host (HTTP) | Summary of the Gateway AntiVirus actions, organized by host name. | ||
| Protocol | Summary of the Gateway AntiVirus actions, organized by the protocol used for the traffic. | ||
| Email Sender | Summary of the Gateway AntiVirus actions, organized by the email address that sent the message. Available for the SMTP and POP3 proxies. | ||
| Zero-Day Malware (APT) | Zero-Day Malware (APT) Summary | Summary of the zero-day malware detected by APT Blocker. This report is only available for a report schedule. | |
| Content Name | Summary of the malware identified as Zero-Day Malware by APT Blocker, organized by content name. | ||
| Threat ID | Summary of the malware identified as Zero-Day Malware by APT Blocker, organized by the Threat ID. | ||
| Malicious Activity | Summary of the malicious activity on your network that was identified as Zero-Day Malware by APT Blocker. | ||
| Recipient/Destination | Summary of the recipient names and destination addresses for activity on your network identified as Zero-Day Malware by APT Blocker. | ||
| Threat Level | Summary of the threat levels assigned to activity on your network identified as Zero-Day Malware by APT Blocker. |
Device
You can view Device reports or export most reports as a .PDF file.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| Denied Packets |
Summary of all the incoming and outgoing packets that were denied access through the device. This report also includes traffic denied for users who exceed the bandwidth and time quota settings on your device. To include this report in a schedule for reports sent to an email destination, select the Exceptions > Denied Packets Summary report. To include this report in a schedule for reports sent to a directory destination, select the Exceptions > Denied Packets (Summary and Detail) or the Exceptions > Denied Packets by Client (Summary) reports. |
Email, Directory | |
| Denied Quota |
Summary of the denied traffic by hits for users who exceed the bandwidth and time quotas configured on your device. Includes the name of the user, the count of user attempts to connect, and the percentage of denied connections for each user. To include this report in a schedule, select the Exceptions > Denied Quota Summary report. |
||
| Alarms |
Summary of all the alarm records generated for the device. To include this report in a schedule, select the Exceptions > Alarms Summary Report report. |
Email, Directory | |
| Authentication | Allowed |
Summary of all users who successfully authenticated to the device. Includes the login time, logout time, duration, and connection method. If bandwidth and time quotas are enabled on your Firebox, the quota usage details also appear for each user. To include this report in a schedule, select the Firebox Reports > User Authentication report. |
Directory |
| Denied |
Summary of all users who were not allowed to authenticate to the device. Includes the date, time, and reason authentication failed. To include this report in a schedule, select the Firebox Reports > User Authentication Denied report. |
Directory | |
| Audit Trail |
Summary of all audited configuration changes for a device. Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes. To include this report in a schedule, select the Firebox Reports > Audit Trail report. |
Directory | |
| Blocked Default Threats |
Summary of the packets blocked by the Fireware Default Threat Protection feature. To include this report in a schedule, select the Firebox Reports > Blocked Default Threats report. |
Directory | |
| DHCP Lease Activity |
Summary of all activity on the device related to the DHCP lease. To include this report in a schedule, select the Firebox Reports > DHCP Lease Activity report. |
Directory | |
| Device Statistics |
Summary of the bandwidth statistics for all interfaces on the Firebox. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. To include this report in a schedule for reports sent to the ConnectWise destination, select the ConnectWise > Firebox Statistics report. To include this report in a schedule for reports sent to an email or directory destination, select the Firebox Reports > Device Statistics report. |
Email, Directory, ConnectWise | |
| Policy Usage |
Summary of all policies included in the Firebox configuration. For each policy, the policy name, number of hits, number of bytes, and the date and time the policy was last used appear. Policies that have been deleted appear in red with Deleted in the Status column. Before you can see this report, Dimension Command must be enabled in your Firebox feature key. You can export the Policy Usage report as a .CSV file. To include this report in a schedule, select the Firebox Reports > Policy Usage report. |
Directory | |
| Wireless Intrusion Detection | Summary |
Summary of all Wireless Intrusion Detection actions. Rogue access point detection must be enabled on a device to see this information for the device. To include this report in a schedule, select the Wireless Intrusion Detection > Wireless Intrusion Detection Summary report. |
Email, Directory |
Detail
Detail reports provide a textual, grid-based view of detail information. Detail reports can be viewed and exported as a .CSV file.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| Zero-Day Malware (APT) | Zero-Day Malware (APT) Detail |
Detailed report of all the threats identified by APT Blocker as Zero-Day Malware (not identified until after the traffic passed through the firewall). Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts. To see more detailed information (includes MD5 and Threat Level information), click Threat Details for each threat in the report. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Zero-Day Malware (APT) Detail report. |
Directory |
| Content Name |
Detailed report of the malware identified as Zero-Day Malware by APT Blocker, organized by content name. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Content Type report. |
Directory | |
| Threat ID |
Detailed report of the malware identified as Zero-Day Malware by APT Blocker, organized by the Threat ID. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Threat ID report. |
Directory | |
| Malicious Activity |
Detailed report of the malicious activity on your network that was identified as Zero-Day Malware by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Malicious Activity report. |
Directory | |
| Recipient/Destination |
Detailed report of the recipient names and destination addresses for activity on your network identified as Zero-Day Malware by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Destination report. |
Directory | |
| Threat Level |
Detailed report of the threat levels assigned to activity on your network identified as Zero-Day Malware by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Threat Level report. |
Directory | |
| Advanced Malware (APT) | Advanced Malware (APT) Detail |
Detailed report of all the threats identified by APT Blocker. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts. To see more detailed information (includes MD5 and Threat Level information), click Threat Details for each threat in the report. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Advanced Malware (APT) Detail report. |
Directory |
| Content Name |
Detailed report of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Content Name report. |
Directory | |
| Threat ID |
Detailed report of the malware detected by APT Blocker, organized by the Threat ID. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat ID report. |
Directory | |
| Malicious Activity |
Detailed report of the malicious activity on your network that was detected by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Malicious Activity report. |
Directory | |
| MIME Type |
Detailed report of the MIME types used on your network. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by MIME Type report. |
Directory | |
| Protocol |
Detailed report of the protocols used for malicious activity on your network that was detected by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Protocol report. |
Directory | |
| Recipient/Destination |
Detailed report of the recipient names and destination addresses for malicious activity on your network. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Destination report. |
Directory | |
| Sender/Source |
Detailed report of the sender names and source addresses for malicious activity on your network. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Source report. |
Directory | |
| Alarms | Threat Level |
Detailed report of the threat levels assigned to malicious activity on your network. Includes the time of the event, the name of the alarm, and an informational message for each alarm event. To include this report in a schedule, select the Exceptions > Alarms report. |
Directory |
| Application Usage | Client |
Detailed report about the applications used by clients on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report. |
Directory |
| Source |
Detailed report about the source IP address of applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report. |
Directory | |
| Mobile Device |
Detailed report about the source IP address of applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report. |
Directory | |
| Category |
Detailed report about the categories of applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report. |
Directory | |
| Application |
Detailed report about the applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report. |
Directory | |
| Blocked Applications | Client |
Detailed report about the applications used on your network that were blocked by Application Control, by client. To include this report in a schedule, select the Application Control > Blocked Application Summary report. |
Directory |
| Source |
Detailed report about the applications used on your network that were blocked by Application Control, by source IP address. To include this report in a schedule, select the Application Control > Blocked Application Summary report. |
Directory | |
| Mobile Device |
Detailed report about the applications used on your network that were blocked by Application Control, by mobile device. To include this report in a schedule, select the Application Control > Blocked Application Summary report. |
Directory | |
| Category |
Detailed report about the applications used on your network that were blocked by Application Control, by category. To include this report in a schedule, select the Application Control > Blocked Application Summary report. |
Directory | |
| Application |
Detailed report about the applications used on your network that were blocked by Application Control, by application. To include this report in a schedule, select the Application Control > Blocked Application Summary report. |
Directory | |
| Blocked Websites | By Category |
Detailed report about all websites that were blocked, organized by category. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report. |
Directory |
| By Client |
Detailed report about all websites that were blocked, organized by client. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report. |
Directory | |
| By Mobile Device |
Detailed report about all websites that were blocked, organized by mobile device. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Mobile Devices) report. |
Directory | |
| Botnet Detection |
Detailed report about the traffic sent to and from a botnet address. Includes the date and time of the traffic, the source and destination addresses, the number of attempts made to send traffic to the botnet site, the protocol used, and whether the address was the source or destination. You can click the client or destination to filter the report data on that data. To include this report in a schedule, select the Botnet Detection > Blocked Botnet Site Detail. |
Directory | |
| Data Loss Violations (DLP) |
Detailed report about all the violations of the Data Loss Prevention rules configured on your device. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Detail report. |
Directory | |
| Denied Packets | By Detail |
Detailed report of all the packets denied by your device, organized by detail. Includes the time of the first action, the source and destination IP addresses, the number of attempts for each packet, the protocol and port, and the action. |
Directory |
| By Client Detail |
Detailed report of all the packets denied by your device, organized by client. Includes the IP address of the client, the first and last date/time the packet was denied, the intended packet destination, the protocol and port , and the number of attempts for each packet. |
Directory | |
| Denied Quota |
Detailed report of traffic denied because of bandwidth and time quota settings on your Firebox. Includes the time of the first action, the source and destination of the traffic, the number of connection attempts, the protocol applied to the traffic, and the quota action applied. |
||
| Mobile Devices |
Detailed report of all the mobile device connections through your Firebox. Details include the date/time, mobile device name, connection status, user name, UUID of FireClient, compliance check results, IP address of the mobile device, MAC address of the mobile device, device type, OS version of the mobile device, and VPN type. This report can be exported to a .CSV file. To include this report in a schedule, select the Mobile Device Reports > Mobile Device Summary report. |
Directory | |
| Virus (GAV) | By Detail |
Detailed report of all Gateway AntiVirus actions, organized by detail. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Detail report. |
Directory |
| By Email Sender |
Detailed report of Gateway AntiVirus actions, organized by the email address that sent the message. Available for the SMTP and POP3 proxies. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Email Sender report. |
Directory | |
| By Host (HTTP) |
Detailed report of Gateway AntiVirus actions, organized by host name. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Host (HTTP) report. |
Directory | |
| By Protocol |
Detailed report of Gateway AntiVirus actions, organized by the protocol used for the traffic. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Protocol report. |
Directory | |
| By Virus |
Detailed report of Gateway AntiVirus actions, organized by virus name. Includes allowed and denied hits. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Virus report. |
Directory | |
| Intrusions (IPS) |
Detailed report of all Intrusion Prevention Service actions. To include this report in a schedule, select the Intrusions (IPS) Reports > Intrusions (IPS) Detail report. |
Directory | |
|
By IP-Spoofed Packets |
Detailed report of Intrusion Prevention service actions, by IP-spoofed packets. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by IP-Spoofed Packets report. |
Directory | |
|
By Protocol |
Detailed report of Intrusion Prevention service actions, by protocol. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Protocol report. |
Directory | |
|
By Signature |
Detailed report of Intrusion Prevention service actions, by the signature ID. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Signature report. |
Directory | |
|
By Source |
Detailed report of Intrusion Prevention service actions, by the source address. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Source report. |
Directory | |
|
By Threat Level |
Detailed report of Intrusion Prevention service actions, by threat level. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Threat Level report. |
Directory | |
| POP3 Proxy |
Detailed report about all traffic through the POP3-proxy. To include this report in a schedule, select the POP3 Proxy > POP3 Proxy Detail report. |
Directory | |
| SMTP Proxy |
Detailed report about all traffic through the SMTP-proxy. To include this report in a schedule, select the SMTP Proxy > SMTP Proxy Detail report. |
Directory | |
| Web Audit | By Category |
Detailed report about all allowed web traffic connections through your device, organized by category. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Category and Client report. |
Directory |
| By Client |
Detailed report about all allowed web traffic connections through your device, organized by client. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Category and Client report. |
Directory | |
| By Mobile Device |
Detailed report about all allowed web traffic connections through your device, organized by mobile device. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Mobile Device report. |
Directory | |
| AP Device Events | Detailed report of all events that occur on the AP devices connected to your Firebox. Includes the event time, the AP device name. and the event message. | ||
| Rogue Access Points |
Detailed report of all rogue access point detection events. Includes the SSID, BSSID, and time of each rogue access point detection event. |
Health
Health reports include statistics about the health of your connected Fireboxes. Reports can be viewed and downloaded as a .PDF file, or scheduled for delivery.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| Health Summary | Detailed statistics about memory usage, CPU usage, and the physical interfaces on the Firebox. Includes minimum, average, and maximum values. | Email, Directory | |
| Usage Summary | Detailed report with a list and a chart of the memory and CPU usage statistics. | Email, Directory | |
| Interface Summary | Physical Interfaces |
Detailed report with a list and a chart of the sent and received statistics for each interface. Can pivot by byte, rate, and packets |
Email, Directory |
AP Devices
When you enable logging for reports in the Gateway Wireless Controller, and you configure your Firebox to send log messages to Dimension, your Firebox also captures log messages for your connected AP devices and sends them to Dimension. Dimension then generates these reports about your AP devices. AP devices reports can be exported as a .PDF or .CSV file, dependent on the report type.
| Report Type | Pivot Name | Description | Report Export Type |
|---|---|---|---|
| AP Devices |
Summary of the AP devices connected to the selected Firebox. Includes the AP device name, serial number, connected clients (average and maximum number of connections over the selected period), connection rate (average and maximum number of connections over the selected period), and the latest firmware version. Includes a bar chart with the top 10 AP devices. |
||
| Average Clients | Includes the average number of connected clients over the selected period. | ||
| Max Clients | Includes the maximum number of connected clients over the selected period. | ||
| Average Rate | Includes the average amount of data transferred over the selected period. | ||
| Max Rate | Includes the maximum amount of data transferred over the selected period. | ||
| AP Device Usage | Summary report of the connected clients for an AP device over the selected period. Includes the time, clients, MB sent, MB received, and the total MBs sent through the AP device. | ||
| Bytes | Includes a line graph of the AP device usage by bytes. | ||
|
Connected Clients |
Includes a line graph of the AP device usage by the number of connected clients. | ||
| SSID Usage | Summary report of the number of clients connected to a single SSID over the selected period. Includes the time, number of clients, bytes sent, bytes received, and total number of bytes. | ||
| Bytes | Includes a chart of the SSID usage by bytes. | ||
| Clients | Includes a chart of the SSID usage by the number of connected clients. | ||
| Rogue Access Points | Summary report of the rogue access points detected by the Firebox. Includes the SSID and BSSID of the rogue access point, and the times and dates when the access points were first and last detected. | CSV |
Compliance
Compliance report groups combine other reports, but include information specific to HIPAA and PCI reports. You can view the combined report or export it as a .PDF.
| Report Type | Pivot Name | Description | Report Schedule Destination |
|---|---|---|---|
| PCI |
Summary of the compliance report data related to PCI. This report is only available for a report schedule. To include this report in a schedule, select the Compliance Reports > PCI report. |
Email, Directory | |
| Zero-Day Malware (APT) |
Detailed report of all the threats identified by APT Blocker as Zero-Day Malware (not identified until after the traffic passed through the firewall), that are relevant to PCI. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts. |
||
| Advanced Malware (APT) |
Detailed report of all the threats identified by APT Blocker, that are relevant to PCI. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts. |
||
| Virus (GAV) | Detailed report of the Gateway AntiVirus actions, that are relevant to PCI. | ||
| Intrusions (IPS) | Detailed report of all Intrusion Prevention Service actions, that are relevant to PCI. | ||
| Audit Trail |
Detailed report of all audited configuration changes for a device, that are relevant to PCI. Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes. |
||
| Alarms | Summary report of alarm records on the device, that are relevant to PCI. | ||
| User Authentication |
Detailed list of users authentication to the device, that are relevant to PCI. Includes the date, time, status (allowed or denied) and reason for authentication failure (if authentication was denied). |
||
| HIPAA |
Summary of the compliance report data related to HIPAA. This report is only available for a report schedule. To include this report in a schedule, select the Compliance Reports > HIPAA report. |
Email, Directory | |
| Intrusions (IPS) | Detailed report of all Intrusion Prevention Service actions, that are relevant to HIPAA. | ||
| Audit Trail |
Detailed report of all audited configuration changes for a device, that are relevant to HIPAA. Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes. |
||
| Alarms | Summary report of alarm records on the device, that are relevant to HIPAA. | ||
| User Authentication |
Detailed list of users authentication to the device, that are relevant to HIPAA. Includes the date, time, status (allowed or denied) and reason for authentication failure (if authentication was denied). |
For more information about compliance reports see:
Available Reports for Servers
From any Server page, you can see the reports that were automatically generated from the available log message data for the selected server.
When you create a report schedule for your WatchGuard servers, you can select the Audit Summary or Authentication Audit reports.
| Report Type | Description | Report Schedule Destination |
|---|---|---|
| Authentication Audit | Detailed report of all authenticated users for the server. | Directory |
| Audit Details |
Detailed report of all the changes made to the server configuration. Includes the user account that made the changes, a description of the changes, the date and time of the changes, and any comments that the user specified when the changes were saved to the server. |
Directory |
| Audit Summary | Summary report of all the changes made to the server configuration. | Email, Directory |