Working with Compromised Hosts information
Go to FortiView > FortiView > Threats > Compromised Hosts.
To navigate the Compromised Hosts dashboard:
- Use the toolbar icons to select the table, user ioc, or bubble view.
- Use the export icon to export table information into a PDF or report chart.
- Use settings to edit rescan configuration, and set additional display options, including Show Only Rescan and Show Acknowledged.
- Use the toolbar to select devices, specify a time period, refresh the view, or choose a GUI theme (Day, Night, and Ocean).
When viewing the Compromised Hosts dashboard, # of Threats is the number of unique threat names associated with that compromised host (end user).
- To acknowledge a Compromised Hosts line item, click Ack on that line.
- To filter entries, click Add Filter and specify devices or a time period.
- To drill down and view threat details, double-click a tile or a row.
When viewing threat details, the # of Events is the number of logs matching each blacklist entry for that compromised host (end user).
Incorrectly rated IOCs can be reported within the Threat Intel Lookup screen, accessible by double-clicking on an End User, selecting the detected pattern from the Blacklist, and clicking Report Misrated IOC.