ACTIVITY REPORTS

The Reports module offers static reports based on logs saved on the firewall. These reports belong to several categories: Web, Security, Virus, Spam, Vulnerability, Network, Industrial network, Sandboxing, SD-WAN and web services.

Most reports present the Top 10 most frequently occurring values (e.g., Top 10 most frequently blocked websites), while the remaining values are grouped under “Others”. SD-WAN reports are based on metrics and operational statuses obtained when monitoring routers and their gateways.

NOTE
Reports from each category are displayed only if they were enabled in the Configuration module > Logs - Syslog - IPFIX > Report configuration). If no reports are enabled in the configuration, the Reports module will not appear.

Private data

For the purpose of compliance with the European GDPR (General Data Protection Regulation), personal data (user name, source IP address, source name, source MAC address) is no longer displayed in logs and reports and have been replaced with the term "Anonymized".

To view such data, the administrator must then enable the "Logs: full access" privilege by clicking on "Logs: limited access" (upper banner of the web administration interface), then by entering an authorization code obtained from the administrator's supervisor (see the section Administrators > Ticket management). This code is valid for a limited period defined at the moment of its creation.

To release this privilege, the administrator must click on "Logs: full access" in the upper banner of the web administration interface, then click on "Release" in the dialog box that appears.

After a privilege is obtained or released, data must be refreshed.

Please note that every time a "Logs: full access" privilege is obtained or released, it will generate an entry in logs.

NOTE
For SN160(W), SN210(W) and SN310 models, you can obtain the full feature by using an external storage medium such as an SD card (refer to the module Logs –Syslog). Only the SD format is compatible: Micro SD or Nano SD cards fitted with an adapter are not supported.

Collaborative security

For more collaborative security, based on vulnerability reports generated by Vulnerability Manager, it is now possible in just one click to increase the level of protection on a host that has been identified as vulnerable. Therefore, when critical vulnerabilities are detected, a new option will allow you to add affected hosts to a pre-set group and assign a strengthened protection profile or specific filter rules to them (quarantine zones, restricted access, etc.).

For further information, please refer to the Technical Note Collaborative security.

Possible actions on reports

Time scale

Changes the time scale in the report. Several choices are possible: last hour, views by day, last 7 days and last 30 days. Note:
  • The last hour is calculated from the minute before the current minute.
  • The view by day covers the whole day, except for the current day in which data runs up to the previous minute.
  • The last 7 and 30 days refer to the period that ended the day before at midnight.
Data refresh Refreshes displayed data.
Display the

This field can only be accessed if the selected time scale is Views by day. Select the desired date from the calendar.

Print the report Opens the print preview window for the report. A comment field can be added to the report that has been formatted for printing. The Print button sends the file to the browser’s print module, which allows you to choose whether to print the fie or generate a PDF file.
Download the data in CSV format Allows data to be downloaded in CSV format.
Display the horizontal histogram Displays data in the form of a horizontal bar graph.
Display the vertical histogram Displays data in the form of a vertical bar graph.
Display the pie chart Displays data in the form of a pie chart.
Show/hide legend Shows or hides the report’s legend. Le legend consists of:
  • A color for each value in the report,
  • Numbering that specifies the rank of the values in the report,
  • The name of values,
  • The amount of values,
  • The percentage that the value represents in this report.

Depending on the report, additional information or interactive features can be added to the legend (e.g., action of an alarm).

Left-clicking on a value in a report will open a menu offering several interactive features. These may be for example, providing additional information on the value, modifying a parameter of the configuration profile or launching a search in the firewall's logs. Some interactive features can only be accessed in some values of some reports.

Available reports