FortiGate C&C Detection in SOC View 6.4.3
The IOC scan feature has been enhanced to allow FortiAnalyzer to include FortiGate C&C detection in Compromised Hosts in the SOC View.
To view C&C attack logs:
- Go to FortiView > Compromised Hosts.
- Under Verdict, click Infected. The C&C events have a Detect Method of `detected-by-fgt` and a Log Type of `attack`.
- Drill down to view the log details. C&C logs have an Attack Name matching `*.Botnet`.
To view C&C message logs:
- Go to FortiView > Compromised Hosts.
- Under Verdict, click Infected. The C&C events have a Detect Method of `detected-by-fgt` and a Log Type of `attack`.
- Drill down to see the log details. The C&C logs appear under Message as `Botnet C&C`.
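The two drill-down procedures above amount to one filter over the log records: Detect Method `detected-by-fgt`, Log Type `attack`, and then either an Attack Name matching `*.Botnet` or a Message of `Botnet C&C`. The following is an added example (not FortiAnalyzer or Fortinet code) that applies that same filter to a batch of key=value log lines, as one would when triaging an export outside the GUI. The field names (`detectmethod`, `type`, `attack`, `msg`, `srcip`) and the sample log lines are assumptions constructed for the illustration, not the product's documented log schema.

```python
"""Isolate FortiGate-detected C&C events from key=value log lines.

Added example: field names and sample records are constructed
assumptions, not FortiAnalyzer's real log layout.
"""
import fnmatch
import re
from typing import Dict, Iterable, List

# Tokenizer for key=value records: a value is either a double-quoted
# string (may contain spaces and '&') or a bare run of non-space chars.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_log_line(line: str) -> Dict[str, str]:
    """Parse one key=value log line into a dict (assumed layout)."""
    return {
        m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
        for m in _KV.finditer(line)
    }


def is_fgt_cnc_event(rec: Dict[str, str]) -> bool:
    """Apply the SOC View criteria from the page.

    Detect Method must be detected-by-fgt and Log Type must be attack;
    then the record is C&C if its Attack Name matches *.Botnet or its
    Message is exactly 'Botnet C&C'.
    """
    if rec.get("detectmethod") != "detected-by-fgt":
        return False
    if rec.get("type") != "attack":
        return False
    attack_name = rec.get("attack", "")
    message = rec.get("msg", "")
    # fnmatchcase gives the same glob semantics as the '*.Botnet' pattern.
    return fnmatch.fnmatchcase(attack_name, "*.Botnet") or message == "Botnet C&C"


def compromised_hosts(lines: Iterable[str]) -> List[str]:
    """Return the sorted source IPs that have at least one C&C event."""
    hosts = set()
    for line in lines:
        rec = parse_log_line(line)
        if is_fgt_cnc_event(rec):
            hosts.add(rec.get("srcip", "<unknown>"))
    return sorted(hosts)


# Constructed sample records (not real FortiGate output). Only the first
# two should be classified as FortiGate-detected C&C events.
SAMPLE_LOGS = [
    'date=2020-11-02 time=10:15:01 type="attack" detectmethod="detected-by-fgt" '
    'srcip=10.1.1.20 dstip=203.0.113.5 attack="Zeus.Botnet" msg="Botnet C&C"',
    'date=2020-11-02 time=10:16:40 type="attack" detectmethod="detected-by-fgt" '
    'srcip=10.1.1.20 dstip=198.51.100.9 attack="Mirai.Botnet" msg="Botnet C&C"',
    # Attack log, but not a botnet signature: excluded.
    'date=2020-11-02 time=10:17:12 type="attack" detectmethod="detected-by-fgt" '
    'srcip=10.1.1.21 dstip=192.0.2.7 attack="SQL.Injection" msg="Signature match"',
    # Botnet name but not detected by the FortiGate: excluded by this filter.
    'date=2020-11-02 time=10:18:03 type="attack" detectmethod="detected-by-ioc" '
    'srcip=10.1.1.22 dstip=203.0.113.9 attack="Emotet.Botnet" msg="Botnet C&C"',
    # Wrong log type: excluded.
    'date=2020-11-02 time=10:19:55 type="traffic" detectmethod="detected-by-fgt" '
    'srcip=10.1.1.23 dstip=203.0.113.5 attack="Foo.Botnet"',
]

if __name__ == "__main__":
    for host in compromised_hosts(SAMPLE_LOGS):
        print("C&C activity from", host)
```

The filter deliberately requires both the Detect Method and the Log Type before looking at the attack name or message, so a `*.Botnet` name on a traffic log, or a botnet hit that came from the IOC scan rather than the FortiGate, is not mislabelled as a FortiGate C&C detection.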