InTrust 11.6 - InTrust Reports

Report Pack for Microsoft TMG and ISA Server

This section contains a list of reports included in the InTrust11.5.1 Report Pack for Microsoft TMG and ISA Server.

Security

• Advanced Forensic Analysis
• Common Security Incidents

Advanced Forensic Analysis

Faults

Audit subsystem faults

This InTrust report displays ISA Server audit subsystem faults. It helps you identify logging and auditing problems. In some cases, these faults are specifically provoked to prevent logging. Therefore, such situations need to be monitored.

ISA services faults

This InTrust report displays ISA Server audit subsystem faults. It helps you identify logging and auditing problems. In some cases, these faults are specifically provoked to prevent logging. Therefore, such situations need to be monitored.

ISAS miscellaneous faults

This InTrust report shows miscellaneous faults, such as network configuration errors or insecure configuration errors.

ISAS Packet filtering faults

This InTrust report helps you analyze problems related to packet filtering, such as packet filtering protocol violations, disabled packet filtering, and others. Use the Events filter to specify what events will be included in the report.

Network Activity

Firewall all connections

This InTrust report helps you analyze sessions that take place through the firewall.

Firewall all connections [detailed]

This InTrust report helps you perform a detailed analysis of connections through the firewall.

Requests by Network [chart]

This InTrust report shows how many requests were received by the selected destination network from the selected source networks in the specified time period. The report is based on data from the ISAS Firewall and ISAS WebProxy logs.

VPN Sessions [by Server and User]

This InTrust report shows the VPN sessions grouped by RAS server and User. Information shown includes session duration and volume of the transferred data. Report is based on data from Windows System Log.

Web proxy all requests

This InTrust report helps you analyze Web proxy requests.

Server Management

ISA services tracking

This InTrust report displays tracking events (start, stop, pause, and resume) for ISAS services (Firewall Service, Web Proxy Service, and ISAS Control Service). Use the Events filter to specify which service tracking events will be included in the report.

Common Security Incidents

Attacks

Network Probes

• Firewall port scanning

This InTrust report displays information on frequent sessions (or series) of port scanning. Port scanning is used by intruders to detect server configuration.

• Firewall well-known ports connection attempts

Intruders scan well-known ports to determine specific services available on the server. Well-known ports are those with numbers from 0 to 1023. You can use the Ports filter to limit the report to a subset of these ports.

Firewall triggered rules

To prevent unwarranted access to resources, firewall rules are configured. When a firewall rule is triggered due to a corporate policy violation, an event is logged in the ISAS Firewall log. This InTrust report helps you determine who violated the firewall policy.

ISAS built-in intrusion detection

This InTrust report shows information on several well-known types of attacks detected by ISA Servers built-in intrusion detection system. The report provides information on spoof attacks, ping-of-death attacks, UDP bomb attacks, and others.

Prohibited User Activity

Web proxy web surfing daily statistics

This InTrust report displays attempts to browse restricted web pages by user. You can use the Restricted Pages filter to define what pages are proscribed. To do it, add a list of keywords to the filter. Such pages may include pornography or e-commerce sites.

Usage Statistics

• ISA Firewall
• ISA Web Proxy

ISA Firewall

Firewall daily traffic [chart]

This InTrust chart shows statistics on daily requests for ISA Firewall service.

Firewall total statistics

This InTrust report provides aggregate statistics for ISA Firewall service.

Firewall users activity daily distribution

This InTrust chart shows the daily activity levels of ISA Firewall clients.

Firewall users activity hourly distribution

This InTrust chart shows the hourly activity levels of ISA Firewall clients.

ISA Web Proxy

Authenticated Clients Audit and Statistics

Web proxy site requests by date

Web proxy site requests by user

Web proxy traffic by user [chart]

This InTrust chart provides traffic statistics (in Kbytes) for Web Proxy authenticated clients.

Files Statistics

Web proxy file downloads

This InTrust report lists all potentially dangerous files downloaded by the Web Proxy clients.

General Information

Web proxy daily traffic [chart]

This InTrust chart shows the daily incoming/outgoing traffic of ISA Web Proxy service.

Web proxy total statistics

This InTrust report provides aggregate statistics for ISA Web Proxy service.

Hosts Audit and Statistics

Web proxy requests statistics

This InTrust report contains information on all requests for ISA Web Proxy hosts.

Web proxy traffic by host [chart]

This InTrust chart provides traffic statistics (in Kbytes) for ISA Web Proxy hosts.

Report Pack_VMware vCenter_ESX_ESXi

VMware vCenter and ESX/ESXi Reports

This section contains a list of reports included in the InTrust11.5.1 VMware vCenter and ESX/ESXi Reports. These reports are based on VMware vCenter, ESX and ESXi tasks and events retrieved via vSphere Web Services SDK.