If nothing shows in ATP, IPS, Zero-Day logs how do I know if it's working?

Question

In the Firewall and SSL/TLS Inspection logs I can see positive and negative results.But I see nothing at all in the ATP, IPS, App Filter, Malware, and Zero-Day logs. Would they only show negative events -- i.e. malware in a download -- or should this tell me that I think I have them doing something and they are not? (Antivirus and IPS are shown as running in Services.) 
 
 It's possible that everything's running and examining the appropriate streams of data but there's just nothing there. That would be good. But is there any way to check that this is the case: that the appropriate data is being examined but nothing is found?

FormerMember · Accepted Answer

Hi Wayne Folta , 
 Thank you for reaching out to the Community! 
 You could use the following SophosLabs website to test the configured security controls on your firewall. 
 
 Sophos Web Security and Control Test Site 
 
 Thanks,

LuCar Toni · Answer

You can write a own signature for IPS and block a page your choice. The same way IPS will work, checking for content in packets. 
 You can use sophostest.com callhome, it should trigger a ATP Alert.

If nothing shows in ATP, IPS, Zero-Day logs how do I know if it's working?

Top Replies