FDM-Managed Device Executive Summary Report
The Executive Summary Report offers a collection of operational statistics for all FDM-managed devices. After a device is onboarded, CDO might take up to two hours to collect this information from the Firewall Device Manager. After the initial report generation, data is compiled hourly. Note that report information is not part of the request for events, so events and reports are not available at the same cadence.
Data in the reports is generated when network traffic triggers an access rule or policy on an FDM-managed device. We strongly recommend that you enable malware defense and IPS licenses, as well as file logging for access rules, in order to allow a device to generate the events that are reflected in the reports.
Note that all of the information displayed in the report is dependent on the Time Range toggle button located at the top of the page. Policies may experience varying traffic or triggers during the time range you select.
If you experience issues with the Executive Summary Report or see an unexpected amount of traffic, see Troubleshoot the Executive Summary Report for more information.
Generate Network Operation Data
After a device is onboarded to CDO, event data is automatically collected. The data that is collected is dependent on the device configuration. The license that is delivered with all FDM-managed devices does not support all the options within the Network Operations Report. We recommend the following configurations for the devices you want to collect data from:
- Logging: Enable file logging on applicable access control rules. See Logging Settings in an FDM Access Control Rule for more information.
- Malware Events: Enable the malware Smart License.
- Security Intelligence: Enable the Smart License.
- IPS Threats: Enable the Smart License.
- Web Categories: Enable the URL Smart License.
- Files Detected: Enable the Smart License.
See FDM-Managed Device Licensing Types for more information on smart licenses and the capabilities these licenses provide.
Note: The executive summary does not inherently include traffic that is flowing over VPN.
Overview
The Overview tab displays visuals from triggered rules, threats, and file types. These items are displayed numerically, with the largest or most frequently hit rules, events, or files listed first.
Malware events represent detected or blocked malware files only. Note that the disposition of a file can change, for example, from clean to malware or from malware to clean. We recommend that you Schedule a Security Database Update to keep your devices up to date with the latest intrusion rules (SRUs).
Top Ten Access Rule Hits offers three tabs you can toggle between to view the top ten rule transfers, connections, or rules that blocked packets.
Network Assessment
The Network Assessment tab addresses web site categories and detected file types. This display captures only the top ten most frequently encountered categories and file types. Other than the selected time range, you cannot use this tab to determine when a specific web category or file type was detected.
Threats
The Threats tab displays statistics generated by intrusion events—Top Attacker captures the originating IP address of an event, Top Target captures the destination IP address of an event, and Top Threats captures the type of events that have been categorized as a threat.
This tab also provides details about the threats and malware types that are detected.
Generate a Report
After you configure the report to your preference, generate a PDF of the report. See Managing Reports for more information.