It would be great if someone could share some good use cases or rules which I can build or use to track firewall and proxy traffic, which would help me show my client that the following are the malicious activities happening through their network.
I have deployed a completely virtual environment using log architecture only, as we don't have a packet licence (sad part of life).
For example, I have created one rule which tracks total download and upload data through the proxy, and the top 10 drops over the firewall.
Some more good use cases or rules would make my life more adventurous.
Thanks in advance,
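The two rules the post describes (per-user download/upload volume through the proxy, and the top N firewall drops) can be prototyped outside a SIEM against raw log lines. The following is an added example, not code from the original post or from any SIEM product; it assumes a simple key=value log format for both the proxy and the firewall, and all log lines are constructed sample data. It goes one step beyond the post by adding an upload-heavy-user check on top of the volume rule, which is a common next use case once per-user totals exist.

```python
import re
from collections import Counter, defaultdict

# Constructed sample proxy lines (assumed key=value format; not real traffic).
PROXY_LOGS = [
    "ts=2024-05-01T10:00:01 user=alice dst=example.com bytes_out=1200 bytes_in=480000 status=200",
    "ts=2024-05-01T10:00:05 user=alice dst=example.net bytes_out=800 bytes_in=20000 status=200",
    "ts=2024-05-01T10:01:10 user=bob dst=storage.example.org bytes_out=5000000 bytes_in=3000 status=200",
    "ts=2024-05-01T10:02:00 user=carol dst=example.com bytes_out=300 bytes_in=150000 status=200",
    "ts=2024-05-01T10:03:30 user=bob dst=storage.example.org bytes_out=2500000 bytes_in=1000 status=200",
]

# Constructed sample firewall lines (assumed key=value format; RFC 5737 test addresses).
FIREWALL_LOGS = [
    "ts=2024-05-01T10:00:02 action=DROP src=10.0.0.5 dst=203.0.113.7 dport=445 proto=tcp",
    "ts=2024-05-01T10:00:03 action=DROP src=10.0.0.5 dst=203.0.113.8 dport=445 proto=tcp",
    "ts=2024-05-01T10:00:04 action=ACCEPT src=10.0.0.5 dst=198.51.100.3 dport=443 proto=tcp",
    "ts=2024-05-01T10:00:06 action=DROP src=10.0.0.9 dst=203.0.113.7 dport=445 proto=tcp",
    "ts=2024-05-01T10:00:07 action=DROP src=10.0.0.5 dst=203.0.113.9 dport=3389 proto=tcp",
    "ts=2024-05-01T10:00:08 action=DROP src=10.0.0.9 dst=198.51.100.4 dport=22 proto=tcp",
    "ts=2024-05-01T10:00:09 action=DROP src=10.0.0.12 dst=198.51.100.5 dport=23 proto=tcp",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Turn one 'key=value key=value' log line into a dict (assumed format)."""
    return dict(KV_RE.findall(line))


def proxy_volume(lines):
    """Rule 1: total download (bytes_in) and upload (bytes_out) per proxy user."""
    totals = defaultdict(lambda: {"download": 0, "upload": 0})
    for line in lines:
        fields = parse_kv(line)
        user = fields.get("user")
        if user is None:
            continue  # skip lines that are not per-user proxy records
        totals[user]["download"] += int(fields.get("bytes_in", 0))
        totals[user]["upload"] += int(fields.get("bytes_out", 0))
    return dict(totals)


def top_drops(lines, n=10, key="src"):
    """Rule 2: top N dropped connections grouped by a field (source IP by default).

    Pass key="dport" to see which destination ports are being blocked most often.
    """
    counts = Counter()
    for line in lines:
        fields = parse_kv(line)
        if fields.get("action") == "DROP" and key in fields:
            counts[fields[key]] += 1
    return counts.most_common(n)


def upload_outliers(totals, min_upload=1_000_000, ratio=2.0):
    """Extra use case: users whose upload volume is both large in absolute terms
    and well above their download volume. Thresholds are illustrative and should
    be tuned per environment; a hit is a triage lead, not proof of exfiltration."""
    flagged = []
    for user, t in totals.items():
        if t["upload"] >= min_upload and t["upload"] > ratio * t["download"]:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    volume = proxy_volume(PROXY_LOGS)
    for user, t in sorted(volume.items()):
        print(f"{user:8} download={t['download']:>10} upload={t['upload']:>10}")
    print("top drops by source:", top_drops(FIREWALL_LOGS))
    print("top drops by port:  ", top_drops(FIREWALL_LOGS, key="dport"))
    print("upload outliers:    ", upload_outliers(volume))
```

The same grouping logic maps directly onto a SIEM rule: the proxy rule is a sum of `bytes_in` and `bytes_out` grouped by user over a time window, and the drop rule is a count of events with `action=DROP` grouped by source (or destination port), sorted descending and limited to 10.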