What metrics make up the number Total scanned under Network Attacks Exceutive summary

I am trying to understand this information. See image

Should the total scanned be the sum of Intrusion prevention, Geolocation, Reputation Enabled Defense, and botnet detection?

Is this all packets scans of protocols, including HTTP, HTTPS, FTP, TCP, UDP, DNS, SMTP, POP3, etc to block network, application, and protocol-based attacks?



  • Botnet detection & Geo are looking at an IP addr - I assume of a session initiation packet.
    RED is looking up a domain name for a HTTP/HTTPS session.
    Intrusion detection depends on the signatures used for the inspection - they can be for many packet types, many of the sigs are for web related access, but there are lots of others including DNS, email attachments etc.

Sign In to comment.