The Webserver Protection > Details tab contains comprehensive statistics about the most active clients, virtual hosts, backends, response codes, and various attacks given for various time ranges.
From the first drop-down list, select the type of data to display, e.g., Top Clients or Top Attackers Per Virtual Host. Select the desired entry, and, if an additional box is displayed, specify the respective filter argument. Additionally, using the drop-down list below, you can filter the entries by time. Always click Update to apply the filters.
On the By Client and By Attacker views you can manually provide an IP/Network, as well as network ranges (e.g., 192.168.1.0/24 or 10/8). On the by Virtual Host views you can manually provide a domain. Note that you can use the percent sign (%) as a wildcard. By placing a percent sign at the end of your keyword, you are telling Sophos UTM to look for exact matches or sub-sets. Note that the filter field is case-sensitive.
On the Top Clients or Top Attackers views, if you click an IP in the result table, it will automatically be used as a filter for the Top Response Codes by Client or Top Rules by Attacker view.
By default, 20 entries per page are displayed. If there are more entries, you can jump forward and backward using the Forward and Backward icons, respectively. In the Number of rows drop-down list, you can increase the number of entries displayed per page.
You can download the data in PDF or Excel format by clicking one of the corresponding icons in the top right corner of the tab. The report is generated from the current view you have selected. Additionally, by clicking the Pie Chart icon—if present—you can get a pie chart displayed above the table.