Views:
Executive Inspection Security reports provide a summary of the top attacks and can include specific report items from the following report areas:
  • Security: Top attacks, top destinations, top sources
  • Application: Top applications, top P2P peers
  • Reputation: Top events, top IP addresses, top DNS names, top URLs
The SMS includes one executive inspection security report template: Inspection Executive Report. The following table lists the criteria panels that are available for that report template.
Use this criteria panel... To filter the report by:
Filter Criteria Details including filter name and number, category, profile, severity, and action set.
Attack filters are assigned a severity level which indicates the importance of attack traffic. Severities are color-coded to help you quickly identify and respond to attack traffic.
The SMS uses the following severity levels:
  • Critical — Indicates critical attacks that must be looked at immediately.
  • Major — Indicates major attacks that must be looked at soon.
  • Minor — Indicates minor attacks that should be looked at as time permits.
  • Low — Indicates traffic that is probably normal, but may have security implications.
Filter Taxonomy Criteria Classification, protocol, and/or platform. Click the Lookup icon to quickly search the list.
Network Criteria Addresses and Ports, VLAN, country, URL, and/or client IP.
User Info Criteria Source and destination information for users, domains, and machines.
Device, Segment Criteria Segment, device, or stack.
  • Click Add to add a device or stack, device group, or physical segment.
  • Click Remove to remove an existing device, device group, or physical segment.
Report Options provide options that directly correlate with how your Report appears.
The Report Options panel may include some or all of the following options:
  • Chart Type
  • Classification labels
  • Include All Details Table
  • Number of matching details
  • Report logo
  • Report style
  • Security Classification label