View basic traffic metrics and inbound and outbound traffic distribution in log reports - Cloud Firewall

The log report feature in Cloud Firewall provides an intuitive interface to visualize and monitor your traffic metrics and their distribution. You can customize the time range, subscribe to reports, and adjust the data refresh frequency for specific analysis and to understand traffic patterns in various security monitoring scenarios.

Prerequisites

The Log Analysis feature of Cloud Firewall is enabled. For more information, see Log Analysis Overview.
The delivery of internet traffic logs is enabled. For more information, see Modify log storage configurations.

Procedure

Log on to the Cloud Firewall console.
In the left-side navigation pane, choose Detection & Response > Log Analysis.
In the upper-right corner of the Reports tab, click Time Range to view the dashboard data. For more information, see Dashboard description.
If you do not specify a time range, the system displays data from the last hour by default.
Note
- The time range selection is temporary and applies only to the current page view. When you reopen the report page, the dashboard reverts to the default time range.
- In the upper-right corner of the Reports tab, click Refresh to set the refresh frequency for the log report.
(Optional) Click the icon in the upper-right corner of a dashboard widget to do the following:
- View: Zooms in on the widget.
- Preview Query Statement: Shows the query statement for the widget's metrics. You can use this statement to search for the corresponding log data on the Logs tab. For more information about log queries, see Query and analyze logs.
- Select Time Range: Sets the widget's time range. You can select a relative, hour-aligned, or custom time range.
- Download chart data: Save the chart as a PNG image.
- Download chart: Save an Excel file of the chart to your local computer.

Dashboard

The Cloud Firewall log report provides a comprehensive overview of your internet traffic, including basic metrics, inbound and outbound trends, and distribution data.

Type	Widget	Description
Basic metrics	Total interceptions	The number of inbound and outbound access attempts blocked by Cloud Firewall.
	Inbound traffic	The total data volume of traffic from the internet to your internal assets.
	Outbound traffic	The total data volume of traffic from your internal assets to the internet.
	SSH access	The number of data transfers that use SSH, including both inbound and outbound traffic.
	RDP access	The number of data transfers that use RDP, including both inbound and outbound traffic.
	FTP access	The number of data transfers that use FTP, including both inbound and outbound traffic.
Inbound distribution	Inbound interception trend	A trend chart of blocked access attempts from the internet to your internal assets.
	Top 10 intercepted inbound applications	The 10 application types with the most blocked inbound access attempts from the internet to your internal assets.
	Inbound sources - World	The geographic distribution of inbound traffic to your internal assets.
	Top 10 inbound applications	The top 10 application types that access your internal assets most frequently from the internet, and the percentage of total access attempts for each.
	Top 10 inbound regions	The top 10 source regions that access your internal assets most frequently from the internet, and the percentage of total access attempts for each.
	Top 20 inbound ports	The top 20 ports on your internal assets that receive the most access attempts from the internet, and the number of attempts for each port.
Outbound distribution	Outbound interception trend	A trend chart of blocked access attempts from your internal assets to the internet.
	Top 10 intercepted outbound applications	The 10 application types with the most blocked outbound access attempts from your internal assets, and the percentage of total attempts for each.
	Top 20 outbound ports	The top 20 destination ports on the internet that your internal assets accessed most frequently, and the number of access attempts for each port.
	Top 10 outbound IP addresses	The top 10 destination IP addresses on the internet that your internal assets accessed most frequently, and the percentage of total access attempts for each.
	Top 10 outbound domain names	The top 10 destination domain names on the internet that your internal assets accessed most frequently, and the number of attempts for each domain.
	Top 10 outbound applications	The top 10 application types that your internal assets used most frequently to access the internet, and the percentage of total access attempts for each.