FortiAnalyzer Version 3.0 MR3 Administration Guide
114 05-30003-0082-20060925
Security event summaries Traffic summary and security events
Figure 50: Viewing event correlation report list
Viewing virus activity
The Virus Activity page correlates all virus logs stored on the FortiAnalyzer unit
and produces a report of the overall virus activity on the network. The
FortiAnalyzer unit reviews the virus logs at a scheduled interval, providing access
to the virus activity on your network. For details on configuring the virus event
correlation, see “Adding a security event report” on page 113.
To view virus activity, go to Network Summary > Virus Activities.
Figure 51: Viewing Virus activity
Report Engine: The name of the report. The FortiAnalyzer unit includes three default report engines for Virus, Intrusion and Suspicious.
Frequency: The time when the FortiAnalyzer unit runs a report.
Devices/Groups: The device or device group whose logs the FortiAnalyzer unit uses when generating the report.
Threshold: Indicates the maximum number of times a host has attempted to attack or infect users on the network before it is included in the report. For a virus event, it also indicates the amount of traffic in megabytes that is acceptable from a single source before it is considered a virus event. The Traffic threshold is only available on Suspicious event reports.
Action: Select Delete to remove the report name. Note that the Virus, Intrusion and Suspicious reports are included by default. You cannot delete these reports from the FortiAnalyzer unit. Select Edit to modify the configuration of the report. Select Go to run the report immediately. Select View to view the report results.
Create New: Select to add a new event correlation report.
Figure callouts: Delete, Edit, Run report, View report, Details, Acknowledge