SecuReporter: more info on threats?
All Replies
-
Hi @MpDay,
In your example, the event type is Web and the severity is High.
It means the user/source IP keeps trying to connect these high risk web sites.
You can check
1. Why does the user or PC with source IP try to access these high risk web sites? Is it already controlled by Botnet C&C?
2. On ZyWALL, go to Content Filter > Profile > Category Service and check the action for Security Threat Web Pages. If the action is not "Block", set it as "Block".
In the future phase of SecuReporter, we will add one more column in the table with the "Action" to let administrator know if the threat if blocked or passed. If the action is "Block", you don't have to be worried about the logs.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight