Views:
Reputation reports provide data on malicious IP addresses or DNS domains. The SMS includes the following reputation report templates:
  • All DNS Requestors
  • All Reputation DNS Names
  • All Reputation Events
  • All Reputation IP Addresses
  • Specific Reputation DNS Names
  • Specific Reputation Events
  • Specific Reputation IP Addresses
  • Top DNS Requestors
  • Top Reputation by Country
  • Top Reputation DNS Names
  • Top Reputation Events
  • Top Reputation IP Addresses
The following table lists the criteria panels that are available for those report templates.
Use this criteria panel... To filter the report by:
Filter Criteria Details including filter name and number, category, profile, severity, Reputation Type, and action
Attack filters are assigned a severity level which indicates the importance of attack traffic. Severities are color-coded to help you quickly identify and respond to attack traffic.
The SMS uses the following severity levels:
  • Critical — Indicates critical attacks that must be looked at immediately.
  • Major — Indicates major attacks that must be looked at soon.
  • Minor — Indicates minor attacks that should be looked at as time permits.
  • Low — Indicates traffic that is probably normal, but may have security implications.
Filter Taxonomy Criteria Classification, protocol, and/or platform. Click the Lookup icon to quickly search the list.
Network Criteria Addresses and Ports, VLAN, country, URL, and/or client IP.
User Info Criteria Source and destination information for users, domains, and machines.
Device or segment Segment, device, or stack.
  • Click Add to add a device or segment.
  • Click Delete to remove an existing device or segment.