SecuReporter: more info on threats?
Options
All Replies
-
Hi @MpDay,
In your example, the event type is Web and the severity is High.
It means the user/source IP keeps trying to connect these high risk web sites.
You can check
1. Why does the user or PC with source IP try to access these high risk web sites? Is it already controlled by Botnet C&C?
2. On ZyWALL, go to Content Filter > Profile > Category Service and check the action for Security Threat Web Pages. If the action is not "Block", set it as "Block".
In the future phase of SecuReporter, we will add one more column in the table with the "Action" to let administrator know if the threat if blocked or passed. If the action is "Block", you don't have to be worried about the logs.
0
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 916 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight