SecuReporter: more info on threats?

MpDay
edited April 2021 in Security
Hi, so the reporting looks nice, but how can we find more info on the logged threats?


All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee

    Hi @MpDay,

    In your example, the event type is Web and the severity is High.

    It means the user/source IP keeps trying to connect to these high-risk web sites.

    You can check:

    1. Why does the user or PC with the source IP try to access these high-risk web sites? Is it already controlled by a Botnet C&C?

    2. On ZyWALL, go to Content Filter > Profile > Category Service and check the action for Security Threat Web Pages. If the action is not "Block", set it to "Block".

    In a future phase of SecuReporter, we will add one more column to the table, "Action", to let the administrator know if the threat is blocked or passed. If the action is "Block", you don't have to be worried about the logs.

