New Features

FortiGate C&C Detection in SOC View 6.4.3

The IOC scan feature has been enhanced to allow FortiAnalyzer to include FortiGate C&C detection in Compromised Hosts in the SOC View.

To view C&C attack logs:
  1. Go to FortiView > Compromised Hosts.
  2. Under Verdict, click Infected.

    The C&C events have a Detect Method of detected-by-fgt and Log Type of attack.

  3. Drill down to view the log details. C&C logs will have an Attack Name matching *.Botnet.

To view C&C message logs:
  1. Go to FortiView > Compromised Hosts.
  2. Under Verdict, click Infected. The C&C events have a Detect Method of detected-by-fgt and Log Type of attack.

  3. Drill down to see the log details. The C&C logs appear under Message as Botnet C&C.
