IPS signature lookup 7.0.3
IPS signature lookup is available from Event Monitor and Log View for detected IPS attacks.
To use IPS signature lookup:
- Go to FortiSOC > Event Monitor.
You can see the generated IPS alerts under the Event Monitor.
- Drilldown on the event list and select the desired event.
- Double-click on the selected event.
You are redirected to a page with logs under this event.
- A column named Attack Name is displayed on the table. If you do not see this column, it can be added using the column settings. The values listed here are hyperlinks and are clickable.
- Click on a link to open a dialog window which consists of the IPS signature information.
Clicking the Show Raw Data button will display the raw information and also contains a search bar, Clear Search, Collapse All, and Copy To Clipboard options.
- The dialog window can also be opened in the following ways:
- Go to the All Events page and click the attack name under the log details.
- Go to Log View > FortiGate > Security > Intrusion Prevention and click the link in the Attack Name column. If the Attack Name column is not present, it can be added through the column settings.
- Go to the All Events page and click the attack name under the log details.