The SMS includes different types of Inspection events: Quarantine, Rate Limit, and Reputation events, which also include geographic location information for an IP address. The following table describes the columns in the Inspection Events table. By default, events are shown for the last 15 minutes. As traffic moves through your network, new events appear at the top. The initial view of certain segment and device tables is empty; you can customize the table listing by adding list items with the Add option. You can also use the table to define the order, visibility, sorting, and aggregation properties of each column.
Note
By default, DNS data does not display in the events table. To configure the IP Identifier and enable the DNS lookup service, see IP address identifier.
| Column | Description |
|---|---|
| Time | Date and time that the event was processed by the inspection. Note: The time displayed in the Time column for events reflects the time of the actual event on the detection device. This might not correspond to the SMS Receipt Time or the Device Log Time reported in the Event Details dialog. The differences might depend on the timekeeping configuration of the systems and on the speed of the network. |
| Severity | Indicates the importance of the event. |
| Name | Name of the filter that generated the alert or block. |
| Category | Type of event filter. |
| Action | Type of action for the filter. |
| Hit Count | Number of times there was a filter match. |
| Profile | Profile associated with the alert or block. |
| Device | Name of the device responding to the traffic. |
| Segment/Rule | Segment for inspection events. |
| Src. Addr. | Source IP address of the traffic that caused the event. Expand this column for location details, including geography map, region, city, and named resource. |
| Src. Port | Port of the source IP address. |
| Src. User | Login name of the source user. |
| Client Addr. | The IP address of the attacking client. Expand this column for location details, including geography map, region, city, and named resource. |
| Dst. Addr. | Destination IP address of the system at which the event was targeted. Expand this column for location details, including geography map, region, city, and named resource. |
| Dst. Port | Port of the destination IP address. |
| Dst. User | Login name of the destination user. |
| Seg | Number of the segment. |
| VLAN | VLAN on which the event took place. |
| Trace | Indicates if the event has a packet trace (or saved portion of the packet used in the event). |
| SSL Inspect | Indicates whether the event was part of an SSL session. |
| HTTP Hostname | Indicates whether there is an HTTP URI associated with the event and identifies the hostname. URI information displays in the Permit, Block, Rate Limit, and Trust logs. |
| Comment | Information added by the user. |