Meanings of "Blocked" & "Intrusion" displayed in IP of AppFlow Reports under Dashboard
My SonicWall is TZ 350.
The users' email have been hacked. I try to get ideas of those PCs that may be hacked from AppFlow Reports under Dashboard. I have set up some Deny Access Rules and enabled Intrusion Prevention.
I have found figures shown in "Blocked" & "Intrusion" displayed in IP of AppFlow Reports under Dashboard.
I have the following ideas. Please tell if my understandings are correct.
1 The Blocked figure is counted due to hitting my Deny Access Rules in Firewall.
2 The Intrusion figure is counted when the hacker tries to contact his hacking tool phoning home before my SonicWall setup in the network.
3 These figures are re-set only by rebooting the SonicWall.