SecuReporter: more info on threats?

MpDay Posts: 7
First Anniversary First Comment
edited April 2021 in Security
Hi, so the reporting looks nice, but how can we find more info on the logged threats?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @MpDay,


    In your example, the event type is Web and the severity is High.

    It means the user/source IP keeps trying to connect these high risk web sites.

    You can check

    1.  Why does the user or PC with source IP try to access these high risk web sites? Is it already controlled by Botnet C&C?

    2. On ZyWALL, go to Content Filter > Profile > Category Service and check the action for Security Threat Web Pages. If the action is not "Block", set it as "Block".

    In the future phase of SecuReporter, we will add one more column in the table with the "Action" to let administrator know if the threat if blocked or passed. If the action is "Block", you don't have to be worried about the logs.

Security Highlight