Chapter 5 Events: Logs, Traffic Streams, Reports

STEP 3 To update the report data, use the Refresh option. On some reports, an Animate Charts option is available to update the data in real time.

Attack Reports

The Attack Reports page allows you to view data on traffic that has been filtered by the device based on the IPS filter and firewall rule configuration. Firewall rules display as filter IDs in the 7400 to 7410 range. For example, filter ID 7400 is the default DENY ANY ANY rule that is implicitly added to the end of the Firewall Rule table.

Traffic data is reported based on the view options you select:

Top Ten Filters — displays a bar graph of the top 10 attack filters, including a packet counter and the percentage of total traffic affected by each filter.

Severity — displays the number of attacks categorized as Low, Minor, Major, and Critical. The graph also shows the percentage of total traffic for each severity level. The severity levels are assigned by the TippingPoint Digital Vaccine team and are included as part of the filter definition.

Action — displays the actions taken on filtered traffic: traffic can be dropped (Invalid), blocked, or permitted. The report includes the number of packets processed by each action and the percentage of total traffic the number represents.

Protocol — displays attack traffic categorized by protocol. The report includes the number of filtered packets for each protocol and the percentage of total traffic the number represents. Protocols include ICMP, UDP, TCP, and IP-Other.

By Port: All — displays the amount of all attack traffic, reported by the Security Zone where the traffic was filtered. The number of packets is reported as a percentage of total traffic.

By Port: Permit — displays the amount of permitted attack traffic, reported by Security Zone. The number of packets is reported as a percentage of total traffic.

By Port: Block — displays the amount of blocked attack traffic, reported by Security Zone. The number of packets is reported as a percentage of total traffic.
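The following added example (not part of the original guide or the product) rebuilds the Top Ten Filters, Severity, Action and Protocol views from a handful of event records and separates firewall rule hits (filter IDs 7400 to 7410) from IPS filter hits. The record layout and sample values are constructed for illustration and are not the LSM log format; percentages are of the packets in the sample.

```python
from collections import Counter

# Firewall rules appear in reports as filter IDs 7400-7410 (per the guide);
# 7400 is the implicit default DENY ANY ANY rule.
FIREWALL_IDS = range(7400, 7411)

# Constructed sample records: (filter_id, severity, action, protocol, packets).
# This layout is an assumption for the example, not the LSM log format.
EVENTS = [
    (7400, "Low", "Block", "TCP", 120),
    (7400, "Low", "Block", "UDP", 40),
    (1001, "Critical", "Block", "TCP", 20),
    (1002, "Minor", "Permit", "ICMP", 10),
    (7403, "Low", "Permit", "TCP", 6),
    (1003, "Major", "Invalid", "IP-Other", 4),
]

def source(filter_id):
    """Classify a filter ID as a firewall rule or an IPS filter."""
    return "firewall" if filter_id in FIREWALL_IDS else "ips"

def breakdown(events, key):
    """Return {category: (packets, percent_of_sample)} for one report view."""
    counts = Counter()
    for ev in events:
        counts[key(ev)] += ev[4]
    total = sum(counts.values())
    if total == 0:  # no filtered traffic: nothing to report
        return {}
    return {k: (n, round(100.0 * n / total, 1)) for k, n in counts.most_common()}

def top_filters(events, limit=10):
    """Top-N filters by packet count, each tagged with its source."""
    view = breakdown(events, key=lambda ev: ev[0])
    return [(fid, source(fid), pk, pct) for fid, (pk, pct) in list(view.items())[:limit]]

if __name__ == "__main__":
    for fid, src, pk, pct in top_filters(EVENTS):
        print(f"filter {fid:<5} {src:<8} {pk:>5} pkts {pct:>5}%")
    for name, idx in (("Severity", 1), ("Action", 2), ("Protocol", 3)):
        print(name, breakdown(EVENTS, key=lambda ev, i=idx: ev[i]))
    print("Source", breakdown(EVENTS, key=lambda ev: source(ev[0])))
```

In this sample the default deny rule (filter ID 7400) dominates the Top Ten Filters view, which is why splitting firewall hits from IPS filter hits is useful before reading the severity breakdown.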

Update report data

To update the traffic statistics in real time, select the Animate Charts option. If this option is not selected, click the Refresh Data link to view the most current information.

Note Additional information on attack filter events is available in the LSM logs.

For details, see “Logs” on page 98.

122 X Family LSM User’s Guide V 2.5.1