Flow Analytics - Network Threats
This view provides detailed visibility, filtering and analytical options for events recorded by the Valtix threat analysis engine and summarized in Network Threats.
Refer to Flow Analytics Overview for details on Search, Filter, Show/Hide Columns, Select Gateways, and modifying Time Formats/Timeframes.
Network Threats
The tables and fields available in Network Threats are as follows:

| Event Details | Description |
|---|---|
| Date and Time | ISO 8601 format: YYYY-MM-DD T HH:MM:SS:S Example: 2020-11-22T10:58:46.820 |
| Type | AV, DLP, DPI |
| CSP Account | Valtix CSP Account |
| Gateway | Valtix Gateway |
| Region | Region of the Valtix Gateway |
| Level | DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY |
| Session ID | .. |

| Service | Description |
|---|---|
| Src IP | Source IP Address |
| Src Port | Source Port |
| Dest IP | Destination IP Address |
| Dest Port | Destination Port |
| Protocol | UDP, TCP |

| Application Info | Description |
|---|---|
| Client App Name | Application name associated with the client side of the session. Example: Advanced Packaging Tool |
| Payload App Name | HTTP application name associated with the webserver host. Example: Facebook |
| Service App Name | Application name associated with the server side of the session. Example: HTTP |

| Action | Description |
|---|---|
| Action | ALLOW, DENY |
| State | ESTABLISHED, CLOSE, CLOSED, CLOSE_WAIT, TIME_WAIT, FIN_WAIT, LAST_ACK |

| HTTP Request | Description |
|---|---|
| Host | Host portion of URL |
| Method | GET, PUT, POST, HEAD, DELETE, PATCH, OPTIONS |
| URI | URI Identifier RFC 3986 |

| FQDN | Description |
|---|---|
| FQDN | Fully Qualified Domain Name |
| Category Name | Category classification of the FQDN. Example: Social Media |
| Reputation | Reputation score of the FQDN |

| Rule | Description |
|---|---|
| ID | ID number/description of the Valtix Rule. Example: 59 (egress-prod-apt-80) |