View Network Events in TDR
The end-of-life date for TDR is 30 September 2023. On this date, the TDR UI in WatchGuard Cloud will no longer be available. Host Sensors will continue to function, but remediation and report generation will be disabled. To upgrade your Host Sensors to Endpoint Security, go to the Host Sensor upgrade to Endpoint Security Knowledge Base article.
On the Network Events page, you can view details about network threat events identified by Fireboxes on your network. These details describe the network indicators identified for a host, and include the Raw Message, which is a type of log message with information such as the Firebox interface and the source and destination IP addresses for the connection.
To view network events:
- Select Monitor > Threat Detection.
- In the System section, select Network Events.
- Next to an event, click .
  The Raw Message from the Firebox appears.
- To close the Raw Message, click .
The Type column shows the type of network event.
Event Type | Description |
---|---|
BlockedSitesByBotnet | Botnet Detection blocked traffic from a suspected botnet site. |
BlockedSitesByFQDN | The Firebox blocked a connection because it matched an FQDN on the Blocked Sites list. |
BlockedSitesByIP | The Firebox blocked a connection because it matched an IP address on the Blocked Sites list. |
DnsQuestionMatch | The DNS proxy denied a DNS query that matched a Query Name configured with the Deny action in the DNS-proxy action. |
HttpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an HTTP connection. |
HttpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an HTTP connection. |
HttpBadReputation | Reputation Enabled Defense blocked an HTTP connection to a site with a bad reputation. |
HttpRequestCategories | WebBlocker blocked a connection to a site in a blocked content category. |
HttpVirusFound | Gateway AntiVirus detected a virus in an HTTP connection. |
SmtpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an SMTP connection. |
SmtpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an SMTP connection. |
SmtpVirusFound | Gateway AntiVirus detected a virus in an SMTP connection. |
To make sure that your Firebox sends events to your TDR account, configure policies and services in the Firebox configuration to send a log message for any Block, Drop, or Deny action. For more information, go to Configure Proxy Policies for TDR.