This feature helps you generate reports on whether there was any Port scanning attack, DDOS (Distributed Denial of Service) attack, or any attempt of intrusion, and what actions were taken.
To view reports of IDS/IPS, follow these steps:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Reports > Client > IDS/IPS.
- On the General Reports page, select the start and end dates for the reports.
- Select a Group name and an Endpoint name.If you want to generate reports for a group, leave the endpoint name text box blank. If you want to generate reports for an endpoint name, enter the endpoint name in the text box. The reports will be generated for that endpoint name.
- Enter user name in the User Name text box.
- In Report For, select the attack type for which the report is to be generated.The report can be generated for the following modules: Intrusions Prevention, Port Scanning, and DDOS Attack.
- To generate the report on the selected parameters, click Generate.
After clicking Generate button, Collapsible Summary will be displayed. In addition, if you want to change the parameters then you can do it by using Modify Parameters button.
You can take the print of the generated report or can also save the report as csv or PDF using the respective buttons.
This report page on Intrusion Prevention displays the following details of the clients:
| Fields | Description |
|---|---|
| Date and Time | Displays the date and time when the report is generated. |
| Endpoint Name | Displays the name of the endpoint for which the report is generated. |
| User Name | Displays the name of the user. |
| Domain | Displays the domain to which the selected client logs in. |
| System IP | Displays the IP address of the endpoint for which the report is generated. |
| Attacker IP | Displays the IP address of the attacker. |
| Vulnerability Detected | Displays the vulnerability detected in a client. |
| Action Taken | Displays the actions that were taken against the attack. |
| View Details | Displays further details of the installed applications. To view the details, click the View Details link. |
This report page on Port Scanning displays the following details of the clients:
| Fields | Description |
|---|---|
| Date and Time | Displays the date and time when the report is generated. |
| Endpoint Name | Displays the name of the endpoint for which the report is generated. |
| User Name | Displays the name of the user. |
| Domain | Displays the domain to which the selected client logs in. |
| System IP | Displays the IP address of the endpoint for which the report is generated. |
| Attacker IP | Displays the IP address of the attacker. |
| Attacker MAC Address | Displays the MAC address of the attacker. |
| Scanned Ports | Displays the Ports that were scanned. |
| Action Taken | Displays the actions that were taken against the attack. |
This report page on DDOS displays the following details of the clients:
| Fields | Description |
|---|---|
| Date and Time | Displays the date and time when the report is generated. |
| Endpoint Name | Displays the name of the endpoint for which the report is generated. |
| User Name | Displays the name of the user. |
| Domain | Displays the domain to which the selected client logs in. |
| System IP | Displays the IP address of the endpoint for which the report is generated. |
| Attacker IP | Displays the IP address of the attacker. |
| Attacker MAC Address | Displays the MAC address of the attacker. |
| Action Taken | Displays the actions that were taken against the attack. |