Related Topics
See Network Events in TDR
On the Network Events page, you can see details about network threat events identified by Fireboxes on your network. These are the details for network indicators identified for a host. These details include the Raw Message, which is a type of log message with information such as the Firebox interface and the source and destination IP addresses for the connection.
To see network events, you must log in as a user with Operator credentials:
- Select System > Network Events.
- At the left of an event, click
.
The Raw Message from the Firebox appears. - To close the Raw Message, click
.
The Type column shows the type of network event.
| Event Type | Description |
|---|---|
| BlockedSitesByBotnet | Botnet Detection blocked traffic from a suspected botnet site. |
| BlockedSitesByFQDN | The Firebox blocked a connection because it matched an FQDN on the Blocked Sites list. |
| BlockedSitesByIP | The Firebox blocked a connection because it matched an IP address on the Blocked Sites list. |
| DnsQuestionMatch | The DNS proxy a DNS query that matched a Query Name configured with the Deny action in the DNS-proxy action |
| HttpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an HTTP connection. |
| HttpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an HTTP connection. |
| HttpBadReputation | Reputation Enabled Defense blocked an HTTP connection to a site with a bad reputation. |
| HttpRequestCategories | WebBlocker blocked a connection to a site in a blocked content category. |
| HttpVirusFound | Gateway AntiVirus detected a virus in an HTTP connection. |
| SmtpAPTBlocked | APT Blocker blocked an Advanced Persistent Threat in an SMTP connection |
| SmtpAPTDetected | APT Blocker detected an Advanced Persistent Threat in an SMTP connection |
| SmtpVirusFound | Gateway AntiVirus detected a virus in an SMTP connection |
To make sure that your Firebox sends events to your TDR account, configure policies and services in the Firebox configuration to send a log message for any Block, Drop, or Deny action. For more information, see Configure Proxy Policies for TDR.