SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

Reporting: Link IPS, and Malware events to description

Idea:
Link IPS and Malware events in reports to a online database with a description of the event if available.

Reason:
It's always a lot of work to find out the reason of IPS events as "SHELLCODE x86 inc ecx NOOP" or to find a description of a Virus like "HTML/Infected.WebPage.Gen"

Benefit:
It would ease administrators lives to easily find out, which behavior the security events triggered or what they even mean.

5 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Sascha Paris shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Under Review  ·  Angelo Comazzetto responded  · 

We are planning to integrate more tightly with Sophos Labs, this feature will be possible during that project, in an as-yet to be determined release.

2 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
An error occurred while saving the comment
  • Pip commented  ·   ·  Flag as inappropriate

    Agreed with other commenter; would like to see the SID in the IPS reports.

  • BarryG commented  ·   ·  Flag as inappropriate

    Also, in the Reporting section, please include the SIDs on the IPS reports (e.g. in v9.0 at Logging & Reporting -> Network Protection -> IPS... no SIDs shown, even if downloading the CSV file).

    thanks

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.