
Botnet Detection Report

The Botnet Detection report shows a summary of activity on your network related to botnet sites. The report includes the top blocked botnet sites, clients blocked, and the destinations botnet sites tried to connect to.

This report is available only if log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends the log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can help you to understand botnet activity on your network. Here are some ways to use this report:

  • Select the Botnet Detection by Client pivot to identify clients that were blocked before they connected to botnet sites.
  • Select the Blocked Botnet Sites pivot to see a list of the top botnet destinations.
  • Use the Detail report to see which protocols are associated with connections to botnet applications.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Activity Trend

Summary report that shows the trend of sites that were scanned in relation to the number of blocked botnet sites.

Blocked Botnet Sites

Summary report of the top 50 blocked botnet sites.

Botnet Detection by Client

Summary report of all the activity on your network related to botnet sites, by client. Summary data shows the top 50 clients that were blocked before they connected to botnet sites.

Botnet Detection by Destination

Summary report of all the activity on your network related to botnet sites, by destination. Summary data shows the top 50 destinations that botnet sites tried to connect to, where the connection was blocked.

Detail View

To view a detailed report of all botnet activity on your network, click the View Details link at the top of the report.

Screen shot of View Details link in a report

The Botnet Detection Detail report includes a row for each instance of botnet activity detected on your network:

| Column | Description |
|---|---|
| First Action At | Date and time that the traffic was first detected. |
| Source | IP address of the traffic source. |
| Destination | IP address of the traffic destination. |
| Attempts | Number of attempts made to send traffic to the botnet site. |
| Protocol | Protocol used to send the traffic. |
| Botnet | Indicates whether the botnet address was the source or destination of the traffic. |

Enable Logging for this Report

To collect the data required for this report:

  • The device feature key must support the Reputation Enabled Defense (RED) security service.
  • The Botnet Detection security service must be enabled. For more information, see Configure Botnet Detection.

See Also

WatchGuard Cloud Device Reports
