Include IOC detected on FortiGate local traffic in FortiAnalyzer IOC view

FortiGate devices generate an event log for indicators of compromise (IOC) when they are detected in local out traffic. FortiAnalyzer displays this data in FortiView > FortiView > Threats > Compromised Hosts.

To view IOC detected on FortiGate local traffic:
  1. Go to FortiView > FortiView > Threats > Compromised Hosts.

  2. Double-click the row for a compromised host.

    The Threat Name is botnet and the Detect Pattern is the destination IP.

  3. Double-click the row for the detect pattern.

    You can review the related logs for the IOC.
