Finding FortiGate C&C detection logs
FortiGate detected botnet events while performing an IOC scan. The administrator wants to view the C&C detections and their logs using the SOC view in Compromised Hosts.
To view C&C detection logs:
- Go to FortiView > Compromised Hosts.
- In the main view, right-click an entry and select Blocklist, or double-click an entry. The Blocklist is displayed. C&C detection logs have the following values:
Column Value Threat Name
- In the Blocklist drill-down view, double-click an entry to view related logs. Log View is displayed.
C&C detection entries appear in either the Attack Name or Message columns with one of the following values:
Column | Value
Attack Name | Botnet C&C *(for example, Botnet C&C Communication)