On the Network Events page, you can see details about network threat events identified by Fireboxes on your network. These are the details for network indicators identified for a host. These details include the Raw Message, which is a type of log message with information such as the Firebox interface and the source and destination IP addresses for the connection.
To see network events:
- Select Monitor > Threat Detection.
- In the System section, select Network Events.
- Next to an event, click .
The Raw Message from the Firebox appears.
- To close the Raw Message, click .
The Type column shows the type of network event.
|BlockedSitesByBotnet||Botnet Detection blocked traffic from a suspected botnet site.|
|BlockedSitesByFQDN||The Firebox blocked a connection because it matched an FQDN on the Blocked Sites list.|
|BlockedSitesByIP||The Firebox blocked a connection because it matched an IP address on the Blocked Sites list.|
|DnsQuestionMatch||The DNS proxy a DNS query that matched a Query Name configured with the Deny action in the DNS-proxy action.|
|HttpAPTBlocked||APT Blocker blocked an Advanced Persistent Threat in an HTTP connection.|
|HttpAPTDetected||APT Blocker detected an Advanced Persistent Threat in an HTTP connection.|
|HttpBadReputation||Reputation Enabled Defense blocked an HTTP connection to a site with a bad reputation.|
|HttpRequestCategories||WebBlocker blocked a connection to a site in a blocked content category.|
|HttpVirusFound||Gateway AntiVirus detected a virus in an HTTP connection.|
|SmtpAPTBlocked||APT Blocker blocked an Advanced Persistent Threat in an SMTP connection.|
|SmtpAPTDetected||APT Blocker detected an Advanced Persistent Threat in an SMTP connection.|
|SmtpVirusFound||Gateway AntiVirus detected a virus in an SMTP connection.|
To make sure that your Firebox sends events to your TDR account, configure policies and services in the Firebox configuration to send a log message for any Block, Drop, or Deny action. For more information, see Configure Proxy Policies for TDR.