Security Intelligence not working

mbaker33 · ‎02-19-2015

I'm going through the process of switching from CX to SFR and so far everything is going very well. The only issue is, I am getting "No Data" in all of my "Security Intelligence" charts/graphs. In my Access Control policy, under the Security Intelligence tab, I have added all of the "bad things" to the Blacklist and over a full day, nothing has been logged, despite ensuring the "Log Connections" option is checked.

So, the question is, what could I be missing?

Thanks,

Mark

adhogan · ‎02-19-2015

That's what you want to see. That means the sensor hasn't seen any traffic to a known bad IP address.

mbaker33 · ‎02-19-2015

Agreed, but I am going to some known bad sites to test it and it is not stopping me or logging anything. It is a bit concerning.

adhogan · ‎02-19-2015

Security Intelligence is only one tool in the box. It is in no way a comprehensive list of all bad sites. Just recently observed bad sites where we are absolutely certain those hosts are bad. I wouldn't expect it to trigger on a few random sites.

stepan.huzlik1 · ‎03-07-2015

Hi where you enabled logging ? In rule tab only or also on Security Inteligence tab ?