AnsweredAssumed Answered

What Rules/Use-case should i use to track Proxy and Firewall Activity

Question asked by Anuj Shrivastava on Apr 27, 2017
Latest reply on May 3, 2017 by Arthur Costigan

Hi All,

 

It would be great if someone share some good Use cases or Rules which i can build or use to track Firewall and Proxy Traffic, which helps me show my client that following are the malicious activity happening through their network.

 

I have deployed a completely virtual environment using Log architecture only,  As we don't have a Packet Licence(Sad Part of the life ) ,

for example i have create one rule which tracks total download and upload Data through proxy. top 10 drops over firewall, 

 

some more good use case or rules would make my life more adventuress.

 

Thanks in Advance,

 

Anuj

Outcomes