L4 Traffic Monitor Report

The Web > Reporting > L4 Traffic Monitor page displays information about malware ports and malware sites that the L4 Traffic Monitors on your Web Security appliances have detected during the specified time range. It also displays IP addresses of clients that frequently encounter malware sites.

The L4 Traffic Monitor listens to network traffic that comes in over all ports on each Web Security appliance and matches domain names and IP addresses against entries in its own database tables to determine whether to allow incoming and outgoing traffic.

You can use data in this report to determine whether to block a port or a site, or to investigate why a particular client IP address is connecting unusually frequently to a malware site (for example, because the computer associated with that IP address is infected with malware that is trying to connect to a central command and control server).

Tip

To customize your view of this report, see Working with Web Security Reports.

L4 Traffic Monitor Report Page Components

Section

Description

Time Range (drop-down list)

A menu that allows you to choose a time range on which to report. For more information, see Choosing a Time Range for Reports.

Top Client IPs

This section displays, in graph format, the IP addresses of computers in your organization that most frequently connect to malware sites.

Click the Chart Options link below the chart to change the display from total Malware Connections Detected to Malware Connections Monitored or Malware Connections Blocked.

This chart is the same as the “L4 Traffic Monitor: Malware Connections Detected” chart on the Client Malware Risk Report.

Top Malware Sites

This section displays, in graph format, the top malware domains detected by the L4 Traffic Monitor.

Click the Chart Options link below the chart to change the display from total Malware Connections Detected to Malware Connections Monitored or Malware Connections Blocked.

Client Source IPs

This table displays the IP addresses of computers in your organization that frequently connect to malware sites.

To include only data for a particular port, enter a port number into the box at the bottom of the table and click Filter by Port. You can use this feature to help determine which ports are used by malware that “calls home” to malware sites.

To view details such as the port and destination domain of each connection, click an entry in the table. For example, if one particular client IP address has a high number of Malware Connections Blocked, click the number in that column to view a list of each blocked connection. The list is displayed as search results in the L4 Traffic Monitor tab on the Web > Reporting > Web Tracking page. For more information about this list, see Searching for Transactions Processed by the L4 Traffic Monitor.

This table is the same as the “L4 Traffic Monitor - Clients by Malware Risk” table on the Client Malware Risk Report.

Malware Ports

This table displays the ports on which the L4 Traffic Monitor has most frequently detected malware.

To view details, click an entry in the table. For example, click the number of Total Malware Connections Detected to view details of each connection on that port. The list is displayed as search results in the L4 Traffic Monitor tab on the Web > Reporting > Web Tracking page. For more information about this list, see Searching for Transactions Processed by the L4 Traffic Monitor.

Malware Sites Detected

This table displays the domains on which the L4 Traffic Monitor most frequently detects malware.

To include only data for a particular port, enter a port number into the box at the bottom of the table and click Filter by Port. You can use this feature to help determine whether to block a site or a port.

To view details, click an entry in the table. For example, click the number of Malware Connections Blocked to view the list of each blocked connection for a particular site. The list is displayed as search results in the L4 Traffic Monitor tab on the Web > Reporting > Web Tracking page. For more information about this list, see Searching for Transactions Processed by the L4 Traffic Monitor.
