
SecPoint® Protector UTM Firewall - Alert Center

Protector™ Unified threat management

http://www.secpoint.com/protector.html


Copyright © 1999-2014 http://www.secpoint.com SecPoint® Page 2 of 7

Protector UTM Firewall – Alert Center

Alert Center

- Alert Center

The Alert Center is a new function that lets you keep under control every possible threat recorded by the Protector. The Protector can record events in 3 main areas:

• System Status
• Firmware update
• Alert Level

For each of these areas, it’s possible to instruct the Protector to send a notification to the user about the new status. The Alert Center menu is placed in the Advanced menu.

The Notification emails and Syslog page contains the list of possible notification areas and lets you choose how to be notified: by email and/or by Syslog. For each area, the Protector will send a notification if either of the two methods is set; otherwise it will not send a notification.

If you choose to be notified by Syslog, you must open the Configure Syslog function in the Alert Center menu and configure it by entering the IP and port number. Syslog messages will be sent as warnings. You can test the connection with your syslog server by sending a test message.

The System Status notification was already present in the Protector, but has been moved here from its previous position. The Firmware Update and the Alert Level Change notifications have been introduced with this release of the Protector and will be described below.


Firmware Update Notifications: The Protector will send a notification, by email and/or by Syslog, whenever a new firmware update is started and another one at the end of the firmware update. If, for any reason, the firmware update does not complete (e.g. broken connection to the Internet), the Protector will send another notification.

Alert Level Change Notifications: With Firmware 18.0, the Protector introduced new Alert Meters that are visible in the right column of each page. The Alert Meters show the current Alert status for each of 5 subjects: Spam, Virus, Spyware, Intrusion, Web filter. Whenever the Alert level for any of these subjects changes from Green to any other level, the Protector will send a notification. By default, a notification will also be sent when the Alert Level returns to Green from a higher level. The Alert Levels are fully customizable, in order to better fit the volumes recorded by every Customer and the sensitivity that every Customer wants to associate with this kind of notification.

Alert Level Customization

The Alert Center menu lets you customize Alerts in two different ways: Customize Thresholds and Customize Notifications.

Customize Thresholds

This customization will affect the Alert Meters visible on the screen and consequently will affect the Notifications. Thresholds are the maximum values allowed for each subject (Spam, Virus, Spyware, Intrusion, Web filter) at each alert level (Green, Yellow, Orange). If a threshold level is reached, the Protector will assign the next Alert level to that subject. But there’s more: thresholds are not only assigned to each subject, but are assigned to each subject for each period of observation (1 hour, 24 hours, 7 days, 30 days).

For this reason the Customize Thresholds function has been divided into 2 parts, depending on how the user prefers to customize the values: by Subject or by Period. The following picture shows, for example, the default thresholds for Spam:


In this picture, the value 20 means that the Protector will turn the Spam alert to Yellow if it records at least 20 spam emails in the last hour. The value 100 means that the Alert level will turn to Orange if the Protector blocks at least 100 spam emails in the last 24 hours.

Customize Notifications

Let’s suppose you entered a valid email address, or checked the Syslog check mark in the Alert Level Change, meaning that you want to be notified whenever the Alert level changes from Green to another level.

You can fine-tune these notifications by deciding which pairs of Subjects/Levels will trigger a notification. By default, all available pairs are selected. The next picture shows, for example, that no notifications will be sent for level Orange, nor for subject Intrusion, nor when the Virus alert turns to Yellow.


- Alert Status

The Alert Status can be accessed by clicking on the main menu. This function is useful to view the general status of Alert Levels for each pair of Subject / Period. It shows the number of threats recorded by the Protector in the given period, using the color of the corresponding Alert Level. If the Alert for a Subject/Period is not Green, you will see a small icon of the corresponding Meter and, moving the mouse pointer over the icon, you’ll see the threshold level that was exceeded.

In the example above, the Protector shows a Yellow alert level for 24 Hours and 7 Days, but the general level for Spam displayed on the right column of all windows is Orange, because it’s the highest level recorded for Spam.

It is also possible to view the Alert Status of a single Subject by clicking the corresponding Meter. In this case you’ll see a subset of the table above.
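The threshold, overall-level and notification rules described in the sections above, modeled as an added example (this is not SecPoint code). Only the Spam values 20 and 100 come from the text; the other thresholds, the sample counts and the `ABOVE_ORANGE` name are constructed, and only the Green-to-another-level notification is modeled.

```python
from enum import IntEnum

class Level(IntEnum):
    GREEN = 0
    YELLOW = 1
    ORANGE = 2
    ABOVE_ORANGE = 3  # placeholder: the page does not name the level past Orange

SUBJECTS = ("Spam", "Virus", "Spyware", "Intrusion", "Web filter")
PERIODS = ("1h", "24h", "7d", "30d")

# Spam thresholds per period: maximum count for (Green, Yellow, Orange).
# From the page: 20 (1h, Green) and 100 (24h, Yellow). All others are constructed.
SPAM_THRESHOLDS = {
    "1h": (20, 60, 150),
    "24h": (50, 100, 400),
    "7d": (300, 700, 2500),
    "30d": (1000, 3000, 9000),
}

def level_for(count, thresholds):
    """Each threshold reached ("at least N") moves the subject up one level."""
    return Level(sum(count >= t for t in thresholds))

def period_levels(counts, thresholds):
    return {p: level_for(counts[p], thresholds[p]) for p in PERIODS}

def overall_level(levels):
    """The meter shows the highest level recorded across all periods."""
    return max(levels.values())

def default_pairs():
    # By default every subject/level pair triggers a notification.
    return {(s, l) for s in SUBJECTS for l in Level if l != Level.GREEN}

def should_notify(subject, old, new, enabled_pairs):
    """Notify when a subject leaves Green and the (subject, new level) pair is selected."""
    return old == Level.GREEN and new != Level.GREEN and (subject, new) in enabled_pairs

# Constructed counts: 1h is Orange, 24h and 7d are Yellow, 30d is Green.
SAMPLE_SPAM_COUNTS = {"1h": 75, "24h": 60, "7d": 350, "30d": 900}

# Selection from the notifications example: no Orange, no Intrusion, no Virus/Yellow.
CUSTOM_PAIRS = {
    (s, l) for (s, l) in default_pairs()
    if l != Level.ORANGE and s != "Intrusion" and (s, l) != ("Virus", Level.YELLOW)
}

if __name__ == "__main__":
    print(overall_level(period_levels(SAMPLE_SPAM_COUNTS, SPAM_THRESHOLDS)).name)
```

With the constructed counts, 24 Hours and 7 Days evaluate to Yellow while the overall Spam level is Orange, matching the Alert Status example in the text.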


Syslog Support
