Home » ZyXEL Manuals » Networking » ZyXEL Vantage Report 2.3 » Manual Viewer

ZyXEL Vantage Report 2.3 User Guide - Page 391

Security Threat Top Users

Get ZyXEL Vantage Report 2.3 PDF manuals and user guides

View all ZyXEL Vantage Report 2.3 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 391 highlights

Chapter 9 Web Security Table 165 Report > Web Security > Security Threat > Top Sites > Drill-Down LABEL DESCRIPTION Host This field displays the top sources of blocked web traffic to the selected destination, sorted by the number of attempts attributed to each one. Color Attempts % of Attempts View Logs Total Back Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. This field displays what color represents each source in the graph. This field displays the number of attempts from each source to the selected destination. This field displays what percentage of all attempts to access blocked web sites was made by each source to the selected destination. Click this icon to see the logs that go with the record. This entry displays the totals for the sources above. If the number of sources of attempts to the selected destination is greater than the maximum number of records displayed in this table, this total might be a little lower than the total in the main report. Click this to return to the main report. 9.1.5 Security Threat Top Users Use this report to look at the users for which the device blocked the most web site access attempts. Note: To look at security policy Web blocked reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User's Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User's Guide 391

Section	Page
Vantage Report	1
About This User's Guide	3
Document Conventions	5
Contents Overview	7
Table of Contents	9
Introduction	19
Introducing Vantage Report	21
1.1 Introduction	21
1.2 License Versions	22
1.3 Hardware Requirements	22
The Vantage Report Server	23
2.1 Starting and Stopping the Vantage Report Server	23
2.2 E-Mail in the Vantage Report Server	24
2.3 Time in the Vantage Report Server	25
2.4 Common Terms	25
2.5 Common Icons	27
2.6 ZyXEL Device Configuration and Source Data	27
The Web Configurator	33
3.1 Web Configurator Requirements	33
3.2 Web Configurator Access	33
3.3 Main Menu Bar	37
3.3.1 The About Screen	37
3.4 Device Window	37
3.5 Menu Panel	41
3.6 Report and Setting Window	52
3.6.1 Device Information Screen	53
3.6.2 Monitors and Statistical Reports	54
3.6.3 View Logs	59
3.7 System Dashboard	59
Monitors, Reports and Logs	63
Monitor	65
4.1 Monitor (Folder)	65
4.1.1 Customize the Column Fields	66
4.2 Dashboard	67
4.3 Dashboard	69
4.4 CPU Usage Monitor	71
4.5 Memory Usage Monitor	72
4.6 Session Usage Monitor	73
4.7 Port Usage Monitor	74
4.8 Interface Usage Monitor	75
4.9 Web Monitor	77
4.10 FTP Monitor	78
4.11 E-Mail Monitor	79
4.12 Site to Site (IPSec) VPN Monitor	80
4.13 Client to Site (IPSec) VPN Monitor	81
4.14 Client to Site (SSL) VPN Monitor	82
4.15 Firewall Access Control Monitor	83
4.16 Attack Monitor	84
4.17 Intrusion Hits	85
4.18 Anti-Virus Monitor	86
4.19 E-Mail Virus Found Monitor	87
4.20 Spam Monitor	88
4.21 E-Mail Intrusion Hits Monitor	89
4.22 Web Security - Security Threat Monitor	90
4.23 Web Security Virus Found Monitor	91
4.24 Web Security Intrusion Hits Monitor	92
4.25 Content Filter Monitor	93
4.26 Application Patrol Monitor	94
Network Traffic	95
5.1 Bandwidth	95
5.1.1 Bandwidth Summary	95
5.1.2 Bandwidth Summary Drill-Down	99
5.1.3 Bandwidth Top Protocols	100
5.1.4 Bandwidth Top Protocols Drill-Down	104
5.1.5 Top Bandwidth Hosts	106
5.1.6 Top Bandwidth Hosts Drill-Down	110
5.1.7 Top Bandwidth Users	112
5.1.8 Top Bandwidth Users Drill-Down	115
5.1.9 Top Bandwidth Destinations	117
5.1.10 Top Bandwidth Destinations Drill-Down	121
5.2 Web Traffic	123
5.2.1 Top Web Sites	123
5.2.2 Top Web Sites Drill-Down	126
5.2.3 Top Web Hosts	128
5.2.4 Top Web Hosts Drill-Down	131
5.2.5 Top Web Users	133
5.2.6 Top Web Users Drill-Down	136
5.3 FTP Traffic	138
5.3.1 Top FTP Sites	138
5.3.2 Top FTP Sites Drill-Down	141
5.3.3 Top FTP Hosts	143
5.3.4 Top FTP Hosts Drill-Down	146
5.3.5 Top FTP Users	148
5.3.6 Top FTP Users Drill-Down	151
5.4 Mail Traffic	153
5.4.1 Top Mail Sites	153
5.4.2 Top Mail Sites Drill-Down	156
5.4.3 Top Mail Hosts	158
5.4.4 Top Mail Hosts Drill-Down	161
5.4.5 Top Mail Users	163
5.4.6 Top Mail Users Drill-Down	166
5.5 Other Traffic	168
5.5.1 Platform Selection	169
5.5.2 Service Settings	169
5.5.3 Top Destinations of Other Traffic	170
5.5.4 Top Destinations of Other Traffic Drill-Down	173
5.5.5 Top Sources of Other Traffic	174
5.5.6 Top Sources of Other Traffic Drill-Down	177
5.5.7 Top Other Traffic Users	178
5.5.8 Top Users of Other Traffic Drill-Down	181
Secure Remote Access	183
6.1 Secure Remote Access - Site-to-Site (IPSec)	183
6.1.1 Secure Remote Access Link Status	183
6.1.2 Secure Remote Access Traffic Monitor	185
6.1.3 Top VPN Peer Gateways	186
6.1.4 Top VPN Peer Gateways Drill-Down	189
6.1.5 Top Secure Remote Access Sites	191
6.1.6 Top Secure Remote Access Sites Drill-Down	194
6.1.7 Top Secure Remote Access Tunnels	196
6.1.8 Top Secure Remote Access Tunnels Drill-Down	199
6.1.9 Top Secure Remote Access Protocols	201
6.1.10 Top Secure Remote Access Protocols Drill-Down	204
6.1.11 Top Secure Remote Access Hosts	206
6.1.12 Top Secure Remote Access Hosts Drill-Down	210
6.1.13 Top Secure Remote Access Users	212
6.1.14 Top Secure Remote Access Users Drill-Down	215
6.1.15 Top Secure Remote Access Destinations	217
6.1.16 Top Secure Remote Access Destinations Drill-Down	220
6.2 Secure Remote Access - Client-to-Site (IPSec)	222
6.2.1 Secure Remote Access User Status	223
6.2.2 Secure Remote Access User Status Drill-Down	225
6.2.3 Top Secure Remote Access Protocols	227
6.2.4 Top Secure Remote Access Protocols Drill-Down	230
6.2.5 Top Secure Remote Access Destinations	232
6.2.6 Top Secure Remote Access Destinations Drill-Down	235
6.2.7 Secure Remote Access Top Users	237
6.2.8 Secure Remote Access Top Users Drill-Down	240
6.3 Secure Remote Access - Client-to-Site (SSL)	242
6.3.1 Secure Remote Access User Status	243
6.3.2 Secure Remote Access User Status Drill-Down	245
6.3.3 Top Secure Remote Access Protocols	246
6.3.4 Top Secure Remote Access Protocols Drill-Down	249
6.3.5 Top Secure Remote Access Destinations	251
6.3.6 Top Secure Remote Access Destinations Drill-Down	254
6.3.7 Top Secure Remote Access Applications	256
6.3.8 Top Secure Remote Access Applications Drill-Down	259
6.3.9 Secure Remote Access Top Users	261
6.3.10 Secure Remote Access Top Users Drill-Down	263
6.4 Xauth	265
6.4.1 Secure Remote Access Successful Login	265
6.4.2 Secure Remote Access Failed Login	267
Network Security	269
7.1 Firewall Access Control	269
7.1.1 Top Users Blocked	269
7.1.2 Top Packets Blocked	272
7.2 Attack	275
7.2.1 Attack Summary	275
7.2.2 Attack Summary Drill-Down	278
7.2.3 Top Attacks	279
7.2.4 Top Attacks Drill-Down	282
7.2.5 Top Attack Sources	283
7.2.6 Top Attack Sources Drill-Down	286
7.2.7 Attack Types	288
7.2.8 Attack Types Drill-Down	290
7.3 Intrusion Hits	291
7.3.1 Intrusion Hits Summary	291
7.3.2 Intrusion Hits Summary Drill-Down	294
7.3.3 Top Intrusion Hits Signatures	296
7.3.4 Top Intrusion Hits Signatures Drill-Down	299
7.3.5 Top Intrusion Hits Sources	301
7.3.6 Top Intrusion Hits Sources Drill-Down	304
7.3.7 Top Intrusion Hits Destinations	306
7.3.8 Top Intrusion Hits Destinations Drill-Down	309
7.3.9 Intrusion Hits Severities	311
7.3.10 Intrusion Hits Severities Drill-Down	314
7.4 Antivirus	315
7.4.1 Antivirus Summary	315
7.4.2 Virus Summary Drill-Down	318
7.4.3 Top Viruses	319
7.4.4 Top Viruses Drill-Down	322
7.4.5 Top Virus Sources	323
7.4.6 Top Virus Sources Drill-Down	326
7.4.7 Top Virus Destinations	328
7.4.8 Top Virus Destinations Drill-Down	330
E-Mail Security	333
8.1 Virus Found	333
8.1.1 Virus Found Summary	333
8.1.2 Virus Found Summary Drill-Down	336
8.1.3 Top Viruses	337
8.1.4 Top Viruses Drill-Down	340
8.1.5 Top Virus Sources	341
8.1.6 Top Virus Sources Drill-Down	344
8.1.7 Top Virus Destinations	346
8.1.8 Top Virus Destinations Drill-Down	348
8.2 Spam	349
8.2.1 Spam Summary	349
8.2.2 Spam Summary Drill-Down	352
8.2.3 Top Spam Senders	353
8.2.4 Top Spam Sources	356
8.2.5 Spam Scores	359
8.3 Intrusion Hits	361
8.3.1 Intrusion Hits Summary	361
8.3.2 Intrusion Hits Summary Drill-Down	363
8.3.3 Top Intrusion Hits Signatures	365
8.3.4 Top Intrusion Hits Signatures Drill-Down	367
8.3.5 Top Intrusion Hits Sources	368
8.3.6 Top Intrusion Hits Sources Drill-Down	371
8.3.7 Top Intrusion Hits Destinations	373
8.3.8 Top Intrusion Hits Destinations Drill-Down	376
8.3.9 Intrusion Hits Severities	378
8.3.10 Intrusion Hits Severities Drill-Down	380
Web Security	383
9.1 Security Threat	383
9.1.1 Security Threat Summary	383
9.1.2 Security Threat Summary Drill-Down	385
9.1.3 Security Threat Top Web Sites	387
9.1.4 Security Threat Top Sites Drill-Down	390
9.1.5 Security Threat Top Users	391
9.1.6 Security Threat Top Users Drill-Down	394
9.1.7 Security Threat Top Hosts	395
9.1.8 Security Threat Top Hosts Drill-Down	398
9.1.9 Security Threat Categories	399
9.1.10 Security Threat Categories Drill-Down	401
9.2 Virus Found	403
9.2.1 Virus Found Summary	403
9.2.2 Virus Found Summary Drill-Down	406
9.2.3 Top Viruses	407
9.2.4 Top Viruses Drill-Down	409
9.2.5 Top Virus Sources	410
9.2.6 Top Virus Sources Drill-Down	413
9.2.7 Top Virus Destinations	414
9.2.8 Top Virus Destinations Drill-Down	417
9.3 Intrusion Hits	418
9.3.1 Intrusion Hits Summary	418
9.3.2 Intrusion Hits Summary Drill-Down	421
9.3.3 Top Intrusion Hits Signatures	423
9.3.4 Top Intrusion Hits Signatures Drill-Down	426
9.3.5 Top Intrusion Hits Sources	428
9.3.6 Top Intrusion Hits Sources Drill-Down	431
9.3.7 Top Intrusion Hits Destinations	433
9.3.8 Top Intrusion Hits Destinations Drill-Down	436
9.3.9 Intrusion Hits Severities	438
9.3.10 Intrusion Hits Severities Drill-Down	440
Security Policy Enforcement	443
10.1 EPS	443
10.1.1 What Endpoint Security Can Check	443
10.1.2 EPS Summary	444
10.1.3 View Logs	445
10.2 Content Filter (All)	446
10.2.1 Summary	446
10.2.2 Summary Drill-Down	448
10.2.3 Top Sites	450
10.2.4 Top Sites Drill-Down	453
10.2.5 Top Users	455
10.2.6 Top Users Drill-Down	458
10.2.7 Top Hosts	459
10.2.8 Top Hosts Drill-Down	462
10.2.9 By Category	463
10.2.10 By Category Drill-Down	466
10.3 Content Filter (Blocked)	467
10.3.1 Summary	467
10.3.2 Summary Drill-Down	469
10.3.3 Top Blocked Sites	471
10.3.4 Top Blocked Sites Drill-Down	474
10.3.5 Top Blocked Users	476
10.3.6 Top Blocked Users Drill-Down	479
10.3.7 Top Blocked Hosts	480
10.3.8 Top Blocked Hosts Drill-Down	483
10.3.9 Blocked Web Categories	484
10.3.10 Blocked Web Categories Drill-Down	487
10.4 Application Access Control	488
10.4.1 Top Applications Blocked	488
10.4.2 Top Users Blocked	491
10.4.3 Top Applications Allowed	494
Event	499
11.1 Successful Logins	499
11.2 Failed Logins	501
11.3 Top Sessions Per Host	502
11.4 Top Sessions Per User	505
Schedule Report	509
12.1 Scheduled Report Summary Screen	509
12.2 Customize Daily Report Screen	510
12.3 Customize Weekly Report Screen	518
12.4 Customize Overtime Report Screen	520
12.5 Configure Template List	522
12.6 Template Add/Edit	523
12.7 Logo Template	523
12.8 Logo Template Add/Edit	524
Logs	527
13.1 Log Viewer	527
13.2 Log Receiver	531
13.2.1 By Day (Summary)	531
13.3 By Device	533
13.3.1 Log Receiver > By Device > By Category Screen	535
13.4 VRPT System Logs	536
13.5 Log Archiving	538
13.5.1 File Archiving Settings	538
13.5.2 View Archived Files	541
13.5.3 Log Transfer	543
13.6 Log Remove	544
System Setting, User Management and Troubleshooting	547
System Setting	549
14.1 General Configuration Screen	549
14.1.1 Configuring for Hostname Reverse	551
14.2 Server Configuration Screen	554
14.3 Data Maintenance Screens	555
14.3.1 Data Backup and Data Restore Screen	555
14.3.2 Device List Screen	556
14.4 Upgrade Screen	557
14.5 Registration Screens	558
14.5.1 Registration Summary Screen	559
14.5.2 Registration > Upgrade Screen	560
14.6 Notification	561
14.6.1 Add/Edit a Notification	563
14.7 Rule-Based Alert	565
14.7.1 Add/Edit a Rule-based Alert	566
User Management	577
15.1 Group Screen	577
15.1.1 Group > Add/Edit Group Screen	578
15.2 Account Screen	579
15.2.1 Account > Add/Edit User Account Screen	580
Troubleshooting	583
Appendices and Index	587
Product Specifications	589
ZyWALL USG Series and ZyWALL 1050 Log Descriptions	599
ZyNOS Log Descriptions	645
Open Software Announcements	671
Legal Information	709