Viewing network activity

CylanceGATEWAY

logs all network activity for devices that have work mode enabled. The network activity log records the user, device model and OS, hostname, destination, date and time, and other details about each attempted connection event.

If a connection is identified as a potential threat, the

Anomaly

column specifies the type of threat detected.

Behavioral risk

anomalies are potential threats based on unusual user behavior.

DNS Tunneling

anomalies are potential threats based on analysis of the DNS traffic from the client to the attacker's DNS server.

Reputation

anomalies are potential threats from addresses on the

BlackBerry

list of unsafe Internet destinations and are detected by destination reputation.

Signature detection

anomalies refer to potential threats detected by intrusion protection.

Zero Day Detection

anomalies refer to newly identified malicious destinations that have not been identified previously. After they are identified, these destinations are assigned a risk score. They are subsequently blocked or alerted upon based on the risk level that you set for your network protection. For more information, see Configure network protection settings.

To view the network activity log in the management console, on the menu bar, click

Gateway > Events

To view the event details for a network activity, click the activity log row.

To filter any column, click

at the top of the column.

To change which columns are displayed, click

at the right side of the column headings.

To export the network activity information to a .csv file, click The Export icon

. Select to export everything or only the filtered network activity and click

Export

Section:

Monitoring network connections with CylanceGATEWAY