Cato provides a Predefined Report template that shows insights into traffic inspected or bypassed by your TLS Inspection policy. This helps you evaluate your TLS Inspection policy and identify significant traffic patterns and potential security risks. The report data is based on events generated by Internet and WAN Firewall rules.
Create the template for a recurring or one-time report with the sites and SDP users that are included in the report over the defined time range. By default, the Predefined Report template for the TLS Inspection Policy report shows traffic and data for all sites and SDP users for the past week.
For more about working with reports, see Cato Reports.
Create a new recurring report by defining the Filters for the items included in the report, as well as the Schedule which defines how often the report is generated - daily, weekly, or monthly. Generated reports are stored in the Cato Cloud, and they can be automatically emailed or downloaded. The Schedule also defines the time range that is covered by each report.
You can select the Mailing List of email addresses for the recipients, which can include Cato Management Application admins and external users.
For more information about Mailing Lists, see Working with Mailing Lists.
To create a recurring TLS Inspection report:
- From the navigation pane, select Home > Reports.
- From the Catalog tab, select the template you want to use to generate the report.
- Click Generate > Create Schedule.
- Enter a Report Name.
-
(Optional) In Filters, select specific sites or users for the Predefined Report.
By default, the Predefined Report includes all sites and users.
To include multiple sites or users in the report, use the IN operator.
- Define when the report will be generated and sent:
- Select the Frequency that the report is automatically sent: Daily, Weekly, or Monthly.
- For Weekly and Monthly Scheduled reports, in Every select the day that the report is sent.
-
In Send to Mailing List, select the Mailing List that receives the report.
You can click New to create a new mailing list.
- Click Save Schedule. The report is added to the Saved Reports tab.
Recurring reports are automatically generated based on their schedule settings. For example, a weekly report configured for Monday, is generated every Monday. You can also choose to manually generate a recurring report on demand, in which case the generated report uses the defined time range based on the current day. If an admin manually generates a weekly report on a Tuesday, the time range for the report is the previous 7 days starting from that Tuesday, regardless of the starting day of the recurring report. For more information about the time range of recurring reports, see Cato Reports.
You can create a one-time report based on the TLS Inspection template. You define the Filters for the items included in the report.
To create a One-Time report:
- From the navigation pane, select Home > Reports.
- From the Catalog tab, select the template you want to use to generate the report.
- Select Generate > Generate Now.
- Enter a Report Name.
- In Filters, define the Timeframe and Timezone of the report.
- Click Generate, the report is generated and you download it from the Generated PDFs tab.
For sections in the report that show the top items, they include up to the top 10 items for that section.
These are the sections in the TLS Inspection Policy report:
- Inspected Vs. Bypassed by OS: Charts showing the number of events for inspected and bypassed traffic for each operating system, as well as total inspected and bypassed events including all operating systems.
-
Top Applications and Domains by Hits - Outbound: Applications and domains with the most generated events showing Internet-bound traffic was inspected or bypassed
- Top Inspected Applications: Applications with the most generated events showing the traffic was inspected
- Top Bypassed Applications: Applications with the most generated events showing the traffic was bypassed
- Top Inspected Domains: Domains with the most generated events showing the traffic was inspected
- Top Bypassed Domains: Domains with the most generated events showing the traffic was bypassed
-
Top Applications and Domains by Hits - WANbound: Applications and domains with the most generated events showing WANbound traffic was inspected or bypassed
- Top Inspected Applications: Applications with the most generated events showing the traffic was inspected
- Top Bypassed Applications: Applications with the most generated events showing the traffic was bypassed
- Top Inspected Domains: Domains with the most generated events showing the traffic was inspected
- Top Bypassed Domains: Domains with the most generated events showing the traffic was bypassed
-
Top Inspected and Bypassed Categories: Cato system categories with the most generated events showing traffic was inspected or bypassed
- Top Inspected Categories - Outbound: Categories with the most generated events showing Internet-bound traffic was inspected
- Top Bypassed Categories - Outbound: Categories with the most generated events showing Internet-bound traffic was bypassed
- Top Inspected Categories - WANbound: Categories with the most generated events showing WANbound traffic was inspected
- Top Bypassed Categories - WANbound: Categories with the most generated events showing WANbound traffic was bypassed
-
- TLS Certificate Errors: Shows the number of events generated for each type of TLS certificate error
0 comments
Please sign in to leave a comment.