
Gateway Scan Summary

Overview


The Crystal Eye XDR has an inbuilt Gateway Antivirus that examines and evaluates files in real time as they transit. The CE XDR combines signature and heuristic analysis to classify files, and automatically blocks malicious files to prevent infection. The Gateway Scan Summary section of the Security Dashboard displays a scan summary with details of the files that were blocked. These details include Timestamp, IP Address (where the malicious files were detected), Site (domain name from where the malicious files originated), Blocked URL (URL of the blocked file), Reason (why the file was blocked), Content Type and Description.

Note

The Gateway Scan Summary can also be viewed in the Scan Summary section of the Gateway Scan Report application and the AV Alerts Summary section under the IDPS Alerts tab of the Threat Dashboard. You can also download a PDF Scan Summary Report from the Gateway Scan Report application.

Crystal Eye XDR administrators can also filter the scan report for a particular time bucket. All flagged bad content in the Gateway Scan Summary is searchable through the search bar. Blocked files can also be allowed (whitelisted) to get past Crystal Eye’s AV, and can be escalated to Red Piranha’s Security Operations Team (RP Secops) for further analysis. Escalation is only possible if the Incident Response Services application is installed and configured.

How to Filter the Scan Report by Time Range?


Step 1: In the Security Dashboard, select the Time Range from the dropdown.


Step 2: You will now see the Scan summary for the selected time range.


Note

In this example the time range is set to ‘Last Week’, so the scan summary shows all the files that were blocked in the past week.

How to Allow Flagged Bad Content from the Gateway Scan Summary in the Security Dashboard?


Step 1: In the Security Dashboard, click the flagged bad content in the Gateway Scan Summary section.


Step 2: You will now see the Scan Information pop-up. Click the Allow button.


Step 3: You will now see the message, “Successfully Allowed Site”.

Note

Once the flagged bad content is allowed, the website from which the file was downloaded is added to the Exception Sites section of the Web Filter application. However, the website is added only to the Exception Sites section of the content filter policy assigned to the IP address where the bad content was originally detected.

How to Escalate the ‘Flagged Bad Content’ Displayed in the Gateway Scan Summary to Red Piranha’s Security Operations Centre (SOC) Team?


Before escalating ‘flagged bad content’ to Red Piranha’s SOC Team, ensure that the Incident Response Services application is installed from the marketplace and configured. Apart from the Security Dashboard, ‘flagged bad content’ can also be escalated from the Scan Summary section of the Gateway Scan Report application and the AV Alerts Summary section under the IDPS Alerts tab of the Threat Dashboard.

Step 1: In the Security Dashboard, click the flagged bad content displayed in the Gateway Scan Summary.


Step 2: You will now see the Scan Information pop-up. Click the Escalate button.


Note

You will now see the message, “Alert Escalated Successfully”.