View Encrypted Visibility Engine Events

After enabling the Encrypted Visibility Engine and deploying your access control policy, you can start sending live traffic through your system. You can view the logged connection events on the Connection Events page or on the Unified Events page.

Perform this procedure to access the connection events in the Firewall Management Center.

Procedure

Step 1

Click Analysis > Connections Header > Events.

Step 2

Click the Table View of Connection Events tab.

You can also view the connection events in the Unified Events page. Click Analysis > Unified Events to access the Unified Events page.

The Encrypted Visibility Engine can identify the client process that initiated a connection and the operating system in the client, and indicate if the process contains malware or not.

On the Connection Events page, you must explicitly enable these columns that are added for the Encrypted Visibility Engine:

Encrypted Visibility Process Name
Encrypted Visibility Process Confidence Score
Encrypted Visibility Threat Confidence
Encrypted Visibility Threat Confidence Score
Detection Type

For information about these fields, see Connection and Security-Related Connection Event Fields .

Note

On the Connection Events page, if processes are assigned applications, the Detection Type column displays Encrypted Visibility Engine, indicating that the client application was identified by the Encrypted Visibility Engine. Without application assignments to process names, the Detection Type column displays AppID, indicating that the engine that identified the client application was AppID.