Logging Connections with Security Intelligence

The Security Intelligence policy requires the Threat Smart License or Protection Classic License.

Procedure

Step 1

In the access control policy editor, click Security Intelligence.

Step 2

Click the Logging (logging icon) icon to enable Security Intelligence logging using the following criteria:

  • By IP address—Click the logging icon next to Networks.
  • By URL—Click the logging icon next to URLs.
  • By Domain Name—Click the logging icon next to the DNS Policy drop-down list.

If the logging icon is disabled, settings are inherited from an ancestor policy, or you do not have permission to modify the configuration. If the configuration is unlocked, uncheck Inherit from base policy to enable editing.

Step 3

Check the Log Connections check box.

Step 4

Specify where to send connection and Security-Related connection events.

Send events to the Security Cloud Control if you want to perform Security Cloud Control-based analysis, or if you set a Block list to monitor-only.

Step 5

Click OK to set logging options.

Step 6

Click Save to save the policy.

What to do next

  • Deploy configuration changes.