Threat Insights

With Threat Insights, you can view a summary of the type of security events your Network Security appliances are blocking. A dashboard displays compiled statistics on the security events from all of your managed virtual appliances during the last week.

Navigate to the Network → Threat Insights page to view statistics on all the security events from all of your managed virtual appliances during the last seven days only. The data includes the following IPS event categories:

| Event Category | Description |
| --- | --- |
| Security Policy | Statistics that show how many times the filters configured to enforce your strategic network security posture have been triggered. These filters can defend against vulnerabilities by blocking vulnerable methods or protocols (such as SMBv1) or can be used to enforce company policies. |
| Reconnaissance | Number of times that malicious attempts to scan your network for vulnerabilities have been detected and blocked. |
| Vulnerabilities | Number of blocked attempts to exploit vulnerabilities in your network. |
| Exploits | Number of blocked attempts to exploit known attacks in your network and system. |
| Malware | Number of times that your filters shielded your network from malware, spyware, and ransomware. |
| Traffic Normalization | Number of times that abnormal network traffic (such as out-of-order packets or packets with incomplete headers) was detected and blocked. |

In addition, bar charts showing the top five countries or regions of IPS detection block logs (both source and destination) can help you determine which geolocations are triggering the most traffic events in your network. With this insight, you can add the offending countries or regions to your geolocation filtering policy.

Threat Insights is supported on appliances with version 2020.13.0.10810 and later. Because Threat Insights is recommended, Security Event Sharing is enabled by default to ensure that the data is available for viewing. To disable sharing, navigate to Policy → Sync Management and disable Security Event Sharing.