Understanding Available Reports
License: Any
Available reports include the main reports available in the ASA FirePOWER module. You can view these reports from the ASA FirePOWER Reporting menu.
In general, you can click on many items, including names and View More links, to get more detailed information about individual items or about the monitored category as a whole.
Network Overview
This report shows summary information about the traffic in the network. Use this information to help identify areas that need deeper analysis, or to verify that the network is behaving within general expectations.
Users
This report shows the top users of your network. Users who fail active authentication are represented in user reports under the username ANONYMOUS, unless you enabled guest access, in which case the username is Guest. Users who do not have a mapping because they were not required to authenticate are shown as their IP address. Use this information to help identify anomalous activity for a user.
Tip: User names are available only when user identity information is associated with traffic flows. If you want to ensure that user identity is available in reports for the majority of traffic, the access control policy should use active authentication.
Applications
This report displays applications, which represent the content or requested URL for HTTP traffic detected in the traffic that triggered an intrusion event. Note that if the module detects an application protocol of HTTP, but cannot detect a specific web application, the module supplies a generic web browsing designation here.
Web categories
This report shows which categories of web sites, such as gambling, advertisements, or search engines and portals, are being used in the network, based on the categorization of web sites visited. Use this information to help identify the top categories visited by users and to determine whether your access control policies are sufficiently blocking undesired categories.
Policies
This report shows how your access control policies have been applied to traffic in the network. If you deleted the policy, the name is appended with "- DELETED." Use this information to help evaluate policy efficacy.
Ingress zones
This report displays the ingress security zone of the packet that triggered an event. Only this security zone field is populated in a passive deployment.
Egress zones
This report displays, for an inline deployment, the egress security zone of the packet that triggered the event. This security zone field is not populated in a passive deployment.
Destinations
This report shows which applications, such as Facebook, are being used in the network based on the analysis of the traffic in the network. Use this information to help identify the top applications used in the network and to determine whether additional access control policies are needed to reduce the usage of unwanted applications.
Attackers
This report displays the source IP addresses, used by the sending hosts, that triggered an event.
Targets
This report displays the destination IP addresses, used by the receiving hosts, that triggered an event.
Threats
This report displays the unique identifying number and explanatory text assigned to each detected threat to your network.
Files logs
This report displays the type of files detected, for example, HTML or MSEXE.