Stormshield SN series Configuration Manual page 297

Every element in a diagram offers the action Search this value in logs: the search is conducted
in the Logs section, on all logs, keeping the monitored period and using the value of the element
selected in the report as the search criterion. This action is offered for all values, except for
the specific searches listed below.
If the value is an IP address, the possible actions are:
• Add the host to the object base: through a dialogue window, the host can be added to the
  Object base and to a group created earlier. The aim is to apply a particular filter
  policy to the object (quarantine zone).
* Please refer to the Technical Note "Collaborative security" on how to create a policy with a
remediation zone.
A domain name allows the following additional actions:
• URL access: this action displays the URL in a new tab.
• Display the URL Category: this action displays in a window the category to which the domain
  belongs.
• Add the URL to a group: this action will display a window that allows adding the URL directly
  to an existing URL group.
The following are the particular interactions of the various reports:

WEB: Top web searches report
• Execute this search via Google: this action launches a Google keyword search in a new tab.

SECURITY: Top most frequent alarms report
• Set action to (Allow/Block): this modification will be made to the profile relating to the traffic
  that raised the alarm.
• Set level to (Major/Minor/Ignore): this modification will be made to the profile relating to
  the traffic that raised the alarm.
• Open help: this link redirects to the help page of the alarm raised or the vulnerability detected.
• Display the Logs generated by this alarm: this search is conducted in the Logs section, on
  all logs and by keeping the monitored period.

VULNERABILITY
Top most vulnerable hosts report
• Click to display the remaining vulnerabilities of this host: the vulnerabilities remaining on this
  host at this exact moment are displayed. A vulnerability reported at a given moment may
  have been resolved by the time it is read in the reports. You can also confirm the current
  status of vulnerabilities in Realtime Monitor.
• Search for this host in the vulnerabilities log: this search is conducted in the Logs section, on
  all logs and by keeping the monitored period.
Top client vulnerabilities and Top server vulnerabilities report
• Show vulnerable hosts: the hosts concerned at this exact moment are displayed, along with their
  version of the vulnerable application or service. A vulnerability reported at a given moment
  may have been resolved by the time it is read in the reports. You can also confirm the current
  status of vulnerabilities in Realtime Monitor.
• Open help: this link redirects to the help page of the alarm raised or the vulnerability detected.

Page 297/448
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
REPORTS
