02-19-2015 07:01 AM - edited 03-12-2019 05:37 AM
I'm going through the process of switching from CX to SFR and so far everything is going very well. The only issue is, I am getting "No Data" in all of my "Security Intelligence" charts/graphs. In my Access Control policy, under the Security Intelligence tab, I have added all of the "bad things" to the Blacklist and over a full day, nothing has been logged, despite ensuring the "Log Connections" option is checked.
So, the question is, what could I be missing?
Thanks,
Mark
02-19-2015 01:22 PM
That's what you want to see. That means the sensor hasn't seen any traffic to a known bad IP address.
02-19-2015 01:45 PM
Agreed, but I am going to some known bad sites to test it and it is not stopping me or logging anything. It is a bit concerning.
02-19-2015 02:35 PM
Security Intelligence is only one tool in the box. It is in no way a comprehensive list of all bad sites. Just recently observed bad sites where we are absolutely certain those hosts are bad. I wouldn't expect it to trigger on a few random sites.
03-07-2015 08:09 AM
Hi where you enabled logging ? In rule tab only or also on Security Inteligence tab ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: