Monthly Security Report
Organization: xxxxxx
Period: 21 days
Start Date: 2023-03-01
Issuer: Sangfor Platform-X
Date Reported: 2023-03-21
End Date: 2023-03-21
Item | Description
Period | 2023-03-01 to 2023-03-21 (21 days)
Reporting Device | JKNS_NGAF, XCENTRAL_EDR (2 devices)
Assets | Servers: 0, hosts: 0
Generated On | 2023-03-21 16:11:51
Servers and hosts are critical assets of an organization. To ensure the security of the network, the security
of servers and hosts must also be guaranteed.
This Security Health Check Report is a summary of security findings and events in your network. This
information is generated by analyzing integrated security logs from your Sangfor devices and our
cloud-delivered threat intelligence.
Overview
◆ Server Security Overview
The IT system is responsible for the organization's daily network operations and
data assets, which makes it a primary target for hackers.
If servers are not protected properly, business interruption, data loss and
other problems may occur.
◆ Host Security Overview
If daily online behavior, file transmission, etc. are not adequately protected,
security issues will occur. Gartner research found that 85% of security threats are
internal. Inadequate host protection will often cause virus infection, sensitive
data disclosure and other serious issues.
Server Security: Excellent
Servers: 0
Hosts (uncategorized assets included): 0
With protection, overall security rating is raised to Excellent. Details are shown below:
Attack | Blocked inbound attacks: 0 | No attacks detected
Vulnerability | No vulnerabilities detected | No vulnerabilities detected
Unsecured | No security events detected | No risks such as outbound access or botnets detected
Compromised (Backlink, WebShell, etc.) | No compromised events detected | No backlinks, WebShell, or other compromised events detected
Device Protection | No expired database detected | Details can be viewed on the device
* The security overview shown above comes from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Overview
Servers: 0
Risky Servers: 0
Security Protection
Post-Protection:
Post-Protection Server Security
Vulnerability Detection
No weakness
Monitor is ON
* Weaknesses such as vulnerabilities, improper
configurations, weak passwords and web cleartext
transmission may be exploited and pose a threat.
Exploitation Protection
No attack
Monitor is ON
* Analyses are made based on source, techniques
and targets.
Exploitation Remediation
No compromised servers
Monitor is ON
* Detections of compromised servers with backlink
injection and WebShell backdoor.
* Weaknesses and threats shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Security Overview
Hosts (uncategorized assets included): 0
Risky Hosts: 0
Security Protection
Post-Protection:
Post-Protection Host Security
Botnet Detection
No botnet infection
Monitor is ON
* Scans are made to detect threats and suspicious
behaviors from hosts.
Content Security Detection
No file infection
Monitor is ON
* Scans are made to detect malicious activities
during file upload and download.
Common Virus Infection
No common virus infection detected
Monitor is ON
* Scans are made to detect virus infections such as
worms and Trojans on hosts.
* Suspicious online activities shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Status
No. | Device Name/Gateway ID | Device Type | Version | Bandwidth (%) | CPU (%) | Memory (%) | Disk (%) | Outbound (Bps) | Inbound (Bps)
1 | JKNS_NGAF(C513E0FA) | NGAF | 8.0.26 | - | 20 | 40 | 24 | 10300000 | 12890000
Basics
* All device status info can be viewed in Platform-X > Assets > Branches.
No data available
No. Device Name/Gateway ID Traffic Alert Offline Alert License Alert Resource Alert
Top 5 Devices by Alerts
* All device status info can be viewed in Platform-X.
Attacks
Summary
During the report period, 0 attacks were blocked. The daily attack trend is shown below:
Recommendations
Business assets that are exposed to the internet are vulnerable to malicious scans and targeted attacks.
Sangfor NGAF protects your assets from inbound attacks at all times, while Sangfor Platform-X comprehensively analyzes advanced security events to prevent
intrusions and ensure business security.
* The daily attack trend shown above comes from Sangfor NGAF security logs.
Fixed Security Events
During the report period, 0 security events were fixed, which can effectively reduce potential risks and protect the confidentiality, integrity
and availability of data. The daily attack trend is shown below:
Top 5 Assets by Fixed Events - Overview
No data available
No. Asset Criticality Security Status Top 2 Major Threats Fixed Events
* Events shown above come from cloud-delivered threat intelligence.
No data available
Pending Security Event Types Top 5 Assets by Pending Events
No data available
Top 5 Assets by Pending Events - Overview
No data available
No. Asset Criticality Security Status Top 2 Major Threats Pending Events
* Events shown above come from cloud-delivered threat intelligence.
Summary
No data available
Weaknesses refer to vulnerabilities in an asset that can be exploited to compromise security, including technical weaknesses (such as system vulnerabilities,
improper configurations, web cleartext transmission, etc.) and management weaknesses (such as weak passwords).
Weakness Distribution
High Medium Low
Description
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Forensics - Weakness and Victim Servers
No weakness
Weakness Type Severity Server (Weaknesses)
Top 5 Weaknesses
No vulnerable business
IP Address Weaknesses Web Cleartext Transmission Improper Configurations Weak Passwords Vulnerabilities
Top 5 Victim Servers
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Protection
Attack Sources
Monitor is ON
Attack Techniques
Monitor is ON
Targets
Monitor is ON
* Data shown above comes from Sangfor NGAF security logs.
Attack Source Summary
No attack source
No. IP Attack Type Attacks Location
Top Sources:
Attack Sources
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Monitor is ON
Protection Module Performance
Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive
URL Access). Below is the performance of the Intrusion Prevention and Web App Protection modules:
1. Intrusion Prevention: 0 vulnerability exploits
2. Web App Protection: 0 web application attacks
◆ Vulnerability Exploits
Monitor is ON
◆ Web Application Attacks
Attacks that may cause system compromise: WebShell upload, Trojan, OS command injection, Web site vulnerabilities
Attacks that may cause data disclosure: SQL Injection
Attacks that may cause malicious code execution: XSS and file inclusion
Attacks that may cause data leak risks: path traversal, website scan, cross-site request forgery (CSRF) and information disclosure
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Monitor is ON
Protection Module Performance
Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive
URL Access). Below is the performance of the Botnet Detection and Restrictive URL Access modules:
3. Botnet Detection: 0 botnet communications
4. Restrictive URL Access: 0 URL accesses blocked
◆ Botnet Communications
Monitor is ON
◆ Blocked URLs
Monitor is ON
◆ Victim Servers
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Victim Servers
No servers attacked
No. Server Asset Attacks
Top Targeted Servers
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Remediation
Summary
No data available
Forensics and Analysis
Backlink Injections
Type:
Recommendations
None
* High-threat events shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Summary
No botnet infection detected
No hosts infected
No. Host Infected Severity Last Detected Stage Detections
Infected Hosts
Recommendations
Download anti-malware software to scan for and remove malware on the infected host.
Anti-malware software can be downloaded at https://endpoint.sangfor.com/#/information/all_tools
* Data shown above comes from Sangfor NGAF security logs.
Detection
Summary
No data available
Malware Downloads
No hosts downloaded virus-infected files
No. User Description Sources
Malicious Virus Downloads
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Detection
Summary
No hosts infected by common viruses
Common Threat Detection
No common threats detected
◆ Tags
No data available
◆ Impacts
No data available
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
During the report period, 0 attacks occurred. Details of attacks blocked by all modules are shown below:
Recommendations
Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive URL
Access). Sangfor continuously updates threat signatures to prevent new threats. Please keep protection modules up to date.
* Data shown above comes from Sangfor NGAF security logs.
URL Database
Detects URL categories and
applies granular access control
based on security policies
No data available No data available
Application Signatures
Visualizes network traffic and
provides application layer
protection through integrating
security policies
No data available No data available
Weakness Analytic
Analyzes weaknesses and risks
present in assets
No data available No data available
Intrusion Prevention
Detects and prevents intrusion to
protect data and network security
No data available No data available
Module Top 3 Modules by Expiration Current Version
Check the expiration and current version of protection modules to ensure that protection is up to date and that new threats can be detected.
Details of all modules are shown below:
* Data shown above comes from Sangfor NGAF security logs.
Web App Protection
Provides general protections for
web applications and servers
No data available No data available
Botnet Detection
Prevents the download of viruses
from malicious websites and
detects internal compromised hosts
to avoid further spread
No data available No data available
Sangfor Engine Zero
Helps users to block the latest
threats
No data available No data available
Hot Events
Helps users to block the latest
threats
No data available No data available
Module Top 3 Modules by Expiration Current Version
Recommendations
Sangfor periodically updates threat signatures from the cloud to detect new threats. Please keep the threat signature database version up to date to prevent
attacks that use new attack techniques.
* Data shown above comes from Sangfor NGAF security logs.
Updates
New | Deleted | Modified | Vulns Involved
16 | 1 | 6 | 0
Intrusion Prevention Module
From 2023-03-01 to 2023-03-21, 23 rules were updated. Details are shown below:
The threat signatures of the top 3 latest vulnerabilities are updated. Details are shown below:
No data available
CVE ID | Vulnerability Name | Impacts | Vuln Blocked by Updated Database
* Data shown above comes from Sangfor NGAF security logs.
Protection
Vulnerability Detection No weakness
With respect to technology and management, enhance weakness detection and security before attacks occur, and fix possible vulnerabilities as
early as possible to reduce exposure to threats.
Exploitation Protection No attack
Perform frequent upgrades to security protection capabilities to be able to identify and block high-threat attack sources and become more
responsive to various types of attacks.
Exploitation Remediation No compromised servers
Enhance security of servers and hosts by installing antivirus and anti-defacement software. Perform asset security auditing regularly to protect
your assets.
Protection
Botnet Detection No botnet infection
Use endpoint security software and secure gateway to detect possible viruses and suspicious traffic on endpoints, and enhance endpoint security
by scanning for bot-infected hosts and removing botnet viruses.
Content Security Detection No file infection
Use endpoint security software and secure gateway to discover and block high-risk online activities. Meanwhile, restrict users' access to the
internet and improve their security awareness to avoid accessing malicious sources.
Common Threat Detection No common virus infection detected
Be aware of common threats, and upgrade security detection and protection capabilities to protect hosts from being infected with common viruses.