Login
- Table of Contents
-
- 03-Monitor
- 01-Application analysis center
- 02-Blacklist logs
- 03-Single-packet attack logs
- 04-Scanning attack logs
- 05-Flood attack logs
- 06-WAF logs
- 07-Threat logs
- 08-Reputation logs
- 09-URL filtering logs
- 10-File filtering logs
- 11-Security policy logs
- 12-IPCAR logs
- 13-Sandbox logs
- 14-Terminal status
- 15-Application audit logs
- 16-System logs
- 17-Configuration logs
- 18-Traffic logs
- 19-TopN traffic
- 20-Security policy hit analysis
- 21-TopN threats
- 22-TopN URL filtering statistics
- 23-TopN file filtering statistics
- 24-Attack defense statistics
- 25-Connection rate ranking
- 26-TopN traffic trends
- 27-Security policy hit trend analysis
- 28-TopN threat trends
- 29-TopN URL filtering trends
- 30-TopN file filtering trends
- 31-Botnet analysis
- 32-Asset security
- 33-Threat case management
- 34-Report settings
- 35-Session list
- 36-User information center
- 37-IPv4 online users
- 38-IPv6 online users
- 39-MAC authentication online users
- 40-Terminal status
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 21-TopN threats | 50.00 KB |
TopN threats
This help contains the following topics:
Introduction
The device analyzes detected threat events (including IPS events and anti-virus events) and generates the following types of threat ranking reports:
· TopN Users.
· TopN Applications.
· TopN Threat Types.
· TopN Attackers.
· TopN Attacked Targets.
· TopN Threat Names.
These threat ranking reports help administrators customize IPS profiles and anti-virus profiles to improve network security.
On each of the preceding report configuration page, you can customize conditions such as the time range for statistics collection and the number of items to display. Then, you can generate the report and export the report as needed.
TopN users
The TopN Users page displays the topN users by the number of threats they are involved in.
Perform this task to generate the topN users threat report and export the report.
Procedure
1. Click Stats conditions in the top left corner of the page.
2. Configure the statistics collection conditions.
Table 1 Statistics collection condition configuration items for the topN users threat report
|
Item |
Description |
|
Time range |
Select a time range from the list. Options are: · Today. · Past week. · Past month. · Custom. |
|
Show Top |
Enter the number of users to display. |
3. Click Start.
4. To export the topN users threat report, click Export report.
TopN applications
The TopN Applications page displays the topN applications by the number of threats they are involved in.
Perform this task to generate the topN applications threat report and export the report.
Procedure
1. Click Stats conditions in the top left corner of the page.
2. Configure the statistics collection conditions.
Table 2 Statistics collection condition configuration items for the topN applications threat report
|
Item |
Description |
|
Time range |
Select a time range from the list. Options are: · Today. · Past week. · Past month. · Custom. |
|
Show Top |
Enter the number of applications to display. |
3. Click Start.
4. To export the topN applications threat report, click Export report.
TopN threat types
The TopN Threat Types page displays the topN types of the most common threats detected by the device.
Perform this task to generate the topN threat types threat report and export the report.
Procedure
1. Click Stats conditions in the top left corner of the page.
2. Configure the statistics collection conditions.
Table 3 Statistics collection condition configuration items for the topN threat types threat report
|
Item |
Description |
|
Time range |
Select a time range from the list. Options are: · Today. · Past week. · Past month. · Custom. |
|
Show Top |
Enter the number of threat types to display. |
3. Click Start.
4. To export the topN threat types threat report, click Export report.
TopN attackers
The TopN Attackers page displays the IP addresses of the topN attackers by the number of attacks they launched.
Perform this task to generate the topN attackers threat report and export the report.
Procedure
1. Click Stats conditions in the top left corner of the page.
2. Configure the statistics collection conditions.
Table 4 Statistics collection condition configuration items for the topN attackers threat report
|
Item |
Description |
|
Time range |
Select a time range from the list. Options are: · Today. · Past week. · Past month. · Custom. |
|
Threat type |
Select the types of threats for statistics collection. Options are: · IPS. · Anti-virus. · All. |
|
Show Top |
Enter the number of attackers to display. |
3. Click Start.
4. Click an attacker IP address on the topN attackers threat report and select Threat name to view the topN threats launched by the attacker.
5. Click an attacker IP address on the topN attackers threat report and select Attacked target to view the topN attacked targets for the attacker.
6. To export the topN attackers threat report, click Export report.
TopN attacked targets
The TopN Attacked Targets page displays the IP addresses of the topN attacked targets by the number of threats they are involved in.
Perform this task to generate the topN attacked targets threat report and export the report.
Procedure
1. Click Stats conditions in the top left corner of the page.
2. Configure the statistics collection conditions.
Table 5 Statistics collection condition configuration items for the topN attacked targets threat report
|
Item |
Description |
|
Time range |
Select a time range from the list. Options are: · Today. · Past week. · Past month. · Custom. |
|
Threat type |
Select the types of threats for statistics collection. Options are: · IPS. · Anti-virus. · All. |
|
Show Top |
Enter the number of attacked targets to display. |
3. Click Start.
4. Click an attacked target IP address on the topN attacked targets threat report and select Threat name to view the topN threats targeted at the attacked target.
5. Click an attacked target IP address on the topN attacked targets threat report and select Attacker to view the topN attackers for the attacked target.
6. To export the topN attacked targets threat report, click Export report.
TopN threat names
The TopN Threat Names page displays the topN most common threats detected by the device.
Perform this task to generate the topN threat names threat report and export the report.
Procedure
1. Click Stats conditions in the top left corner of the page.
2. Configure the statistics collection conditions.
Table 6 Statistics collection condition configuration items for the topN threat names threat report
|
Item |
Description |
|
Threat type |
Select the types of threats for statistics collection. Options are: · IPS. · Anti-virus. · All. |
|
Time range |
Select a time range from the list. Options are: · Today. · Past week. · Past month. · Custom. |
|
Attack category |
Select All, Attacker, or Attacked target. |
|
Show Top |
Enter the number of threats targets to display. |
3. Click Start.
4. Click a threat on the topN threat names threat report and select Attacker to view the topN attackers for the threat.
5. Click a threat on the topN threat names threat report and select Attacked target to view the topN attacked target for the threat.
6. To export the topN threat names threat report, click Export report.
