On the Network Events page, you can see details about network threat events identified by Fireboxes on your network. These are the details for network indicators identified for a host. These details include the Raw Message, which is a type of log message with information such as the Firebox interface and the source and destination IP addresses for the connection.
To see network events:
- Select Monitor > Threat Detection.
- In the System section, select Network Events.
- Next to an event, click
.
The Raw Message from the Firebox appears. - To close the Raw Message, click
.
The Type column shows the type of network event.
| Event Type | Description |
|---|---|
| BlockedSitesByBotnet | Botnet Detection blocked traffic from a suspected botnet site. |
| BlockedSitesByFQDN | The Firebox blocked a connection because it matched an FQDN on the Blocked Sites list. |
| BlockedSitesByIP | The Firebox blocked a connection because it matched an IP address on the Blocked Sites list. |
| DnsQuestionMatch | The DNS proxy a DNS query that matched a Query Name configured with the Deny action in the DNS-proxy action. |
| HttpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an HTTP connection. |
| HttpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an HTTP connection. |
| HttpBadReputation | Reputation Enabled Defense blocked an HTTP connection to a site with a bad reputation. |
| HttpRequestCategories | WebBlocker blocked a connection to a site in a blocked content category. |
| HttpVirusFound | Gateway AntiVirus detected a virus in an HTTP connection. |
| SmtpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an SMTP connection. |
| SmtpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an SMTP connection. |
| SmtpVirusFound | Gateway AntiVirus detected a virus in an SMTP connection. |
To make sure that your Firebox sends events to your TDR account, configure policies and services in the Firebox configuration to send a log message for any Block, Drop, or Deny action. For more information, see Configure Proxy Policies for TDR.