Network and Host Exploit Mitigation logs and quick reports

The Network and Host Exploit Mitigation logs and reports contain information about attacks on the firewall, firewall traffic and packets, and intrusion prevention. The logs also contain information about Memory Exploit Mitigation.
As of version 14.2, IPv4 and IPv6 are supported for references to IP. For earlier versions, only IPv4 is supported.
The filter option fields that accept wildcard characters and search for matches are not case-sensitive. The ASCII asterisk character is the only asterisk character that can be used as a wildcard character.
The table "Additional filter settings for the Network and Host Exploit Mitigation logs and reports" describes the additional filter settings for logs and reports.
Types of Network and Host Exploit Mitigation logs
Option
Description
Attacks
Available information includes time, attack type, domain, group, computer, and client user name. Additional information available includes the severity; the direction and protocol; the local host IP/remote host IP; the location; and the number.
Traffic
Available information includes time, event type, action, severity, direction, computer, local host IP/remote host IP, protocol, client user name, and number.
Packets
Available information includes time, event type, action, domain, direction, computer, local host IP, local port, and remote host IP.
Memory Exploit Mitigation
Available information includes time, signature ID, group, computer, application name, severity, local host ID, client user name, profile serial number, and location.
Additional filter settings for the Network and Host Exploit Mitigation logs and reports
Option
Description
  • Severity
  • Event type
  • Operating system
  • Site
  • Domain
  • Group
  • Server
  • Computer
  • IP address
  • User
  • Remote host
  • Remote IP address
  • Local IP address
Direction
Specifies the direction that you want to view information about. For example, you can select Inbound or Unknown.
Local port (or ICMP type)
Specifies the local port or ICMP type that you want to view information about.
This option is only available for the Traffic log.
Local port
For the Packets log, specifies the local port that you want to view information about.
This option is only available for the Packets log.
Blocked status
Specifies the Blocked status that you want to view information about.
This option is only available for the Packets log and the Traffic log.
Protocol
Specifies the protocol that you want to view information about. For example, you can select TCP or ICMP.
This option is only available for the Attacks log and the Traffic log.
Application Name
Use this option to find which applications the Memory Exploit Mitigation techniques have blocked or terminated.
Memory Exploit Mitigation logs only.
Profile Serial Number
Use the policy number to help find which policy has blocked or terminated an application.
Memory Exploit Mitigation logs only.
Location
Use this option to find out which locations on the client computers had a higher or lower rate of exploit attacks.
Memory Exploit Mitigation logs only.
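
The following Python is an added example, not part of the original page or the product's own code. It applies the filter rules described above to constructed log records: case-insensitive wildcard matching where only the ASCII asterisk is a wildcard, and rejection of filters that the table marks as unavailable for a given log type. The key names, the record layout, and whole-value matching are assumptions.

```python
import re

# Which log types each restricted filter applies to, per the table above.
# Key names and the record layout are hypothetical; no export format is shown on the page.
FILTER_LOGS = {
    "protocol": {"Attacks", "Traffic"},
    "blocked_status": {"Packets", "Traffic"},
    "local_port": {"Packets", "Traffic"},  # Traffic: local port or ICMP type
    "application_name": {"Memory Exploit Mitigation"},
    "profile_serial_number": {"Memory Exploit Mitigation"},
    "location": {"Memory Exploit Mitigation"},
}

def wildcard_match(pattern, value):
    """Case-insensitive match; only ASCII '*' (U+002A) is a wildcard.
    Assumption: the pattern must cover the whole field value."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def apply_filters(log_type, records, filters):
    """Return the records matching every filter, rejecting filters the log type lacks."""
    for name in filters:
        allowed = FILTER_LOGS.get(name)
        if allowed is not None and log_type not in allowed:
            raise ValueError(f"'{name}' filter is not available for the {log_type} log")
    return [
        rec for rec in records
        if all(wildcard_match(str(pat), str(rec.get(key, "")))
               for key, pat in filters.items())
    ]

# Constructed Traffic log records (documentation-range addresses).
SAMPLE_TRAFFIC = [
    {"computer": "WEB-01", "protocol": "TCP", "direction": "Inbound",
     "local_port": 443, "remote_ip": "192.0.2.10"},
    {"computer": "web-02", "protocol": "ICMP", "direction": "Inbound",
     "local_port": 8, "remote_ip": "2001:db8::5"},
    {"computer": "DB-01", "protocol": "TCP", "direction": "Unknown",
     "local_port": 1433, "remote_ip": "198.51.100.7"},
]

if __name__ == "__main__":
    hits = apply_filters("Traffic", SAMPLE_TRAFFIC, {"computer": "web-*", "direction": "inbound"})
    print([r["computer"] for r in hits])
    print(wildcard_match("web-\uff0a", "WEB-01"))  # full-width asterisk is literal
```
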