Security Dashboard (WatchGuard Cloud)
Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
On the Security Dashboard page in WatchGuard Cloud, you can see the top threats in each security area protected by Subscription Services.
The Security Dashboard includes the top threats in these categories:
- Top Blocked Advanced Malware (APT)
- Top Blocked Botnet Sites
- Top Blocked Clients
- Top Blocked Destinations
- Top Blocked URL Categories
- Top Blocked Malware
- Top Blocked Applications
- Top Blocked Application Categories
- Top Blocked Protocols
- Top Blocked Attacks
- Top Blocked Countries
Each of these categories appears only if there is data available in that category for the selected date range.
To enable Security Services Statistics for the Security Dashboard:
- In Policy Manager, select Setup > Logging.
- Click Performance Statistics.
- Select the Security Services Statistics check box.
If your Firebox has Botnet Detection enabled, and there are log messages related to botnet traffic on your Firebox, when you filter on the details in a category, the Top Blocked Clients section shows the top clients that were blocked when they tried to connect to a botnet site, and the Top Blocked Destination section shows the top hosts that the botnet site tried to connect to.
If this dashboard is not available for your device, follow the steps to Enable Logging for this Dashboard.
See the Security Dashboard in WatchGuard Cloud
To see the Security Dashboard in WatchGuard Cloud:
- Log in to WatchGuard Cloud.
- Select Monitor > Devices.
- Select a folder or a specific device.
- To select the report date range, click .
- From list of reports, select Dashboards > Security Dashboard.
The Security Dashboard page opens for the selected device. - To show data for a specific time period:
- Above the dashboard, click the currently selected time period.
A drop-down list opens. - Select a predefined period from the list or select Custom and specify a custom time period. For more information, see Filter Reports and Dashboards by Date.
The top blocked threats in each category appear, for the time range you specified.
- Above the dashboard, click the currently selected time period.
- To see more information about a specific item (such as an IP address, file, or protocol) click a link in the Name column.
Only data for the selected item is shown on the dashboard. - To see all data for a category, next to the category title, click View All.
Only data for the selected item is shown on the dashboard.
When there is too much data to display in the Top Clients or Top Destinations tile, you are prompted to select a shorter time range.
Generate the Security Dashboard Report
You can generate a summary report in PDF format that includes information from the Security Dashboard.
To download the Security Dashboard report:
- Above the dashboard, click the PDF icon .
The file downloads or a confirmation message opens. - Select to open or save the file.
Enable Logging for this Dashboard
Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.
To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:
- In the Logging and Notification settings for all packet filters, select Send a log message for reports. For more information, see Set Logging and Notification Preferences.
- In the General Settings for all proxy actions, select Enable logging for reports.
- In all APT Blocker actions, select the Log check boxes for threat levels. For more information, see Configure APT Blocker.
- In the Gateway AntiVirus settings for a proxy action, select the Log check boxes for all Gateway AntiVirus actions. For more information, see Configure Gateway AntiVirus Actions.
- In the Intrusion Prevention settings, select the Log check box for threat levels with the Block and Drop actions. For more information, see Configure Intrusion Prevention.
- In all WebBlocker actions, select the Log check box for all categories and select the When a URL is uncategorized, Log this action check box. For more information, see Configure WebBlocker Categories.