With Threat Insights, you can view a summary of the types of security events your Network
Security appliances are blocking. A dashboard displays compiled statistics on the
security events from all of your managed virtual appliances during the last week.
Navigate to the Network → Threat Insights page to view these statistics. The dashboard
covers the last seven days only. The data includes the following IPS event
categories:
| Event Category | Description |
|---|---|
| Security Policy | Statistics that show how many times the filters configured to enforce your strategic network security posture have been triggered. These filters can defend against vulnerabilities by blocking vulnerable methods or protocols (such as SMBv1) or can be used to enforce company policies. |
| Reconnaissance | Number of times that malicious attempts to scan your network for vulnerabilities have been detected and blocked. |
| Vulnerabilities | Number of blocked attempts to exploit vulnerabilities in your network. |
| Exploits | Number of blocked attempts to exploit known attacks in your network and system. |
| Malware | Number of times that your filters shielded your network from malware, spyware, and ransomware. |
| Traffic Normalization | Number of times that abnormal network traffic (such as out-of-order packets or packets with incomplete headers) was detected and blocked. |
In addition, bar charts showing the top five countries or regions of IPS detection
block logs (both source and destination) can help you determine which geolocations are
triggering the most traffic events in your network. With this insight, you can add the
offending countries or regions to your geolocation filtering policy.
Threat Insights is supported on appliances with version 2020.13.0.10810 and later.
Because Threat Insights is recommended, Security Event Sharing is enabled by default
to ensure that the data is available for viewing. To disable sharing, navigate to
Policy → Sync Management and disable Security Event Sharing.