FortiGate devices generate an event log for indicators of compromise (IOC) when they are detected in local out traffic. FortiAnalyzer displays this data in FortiView > FortiView > Threats > Compromised Hosts.
- Go to FortiView > FortiView > Threats > Compromised Hosts.
- Double-click the row for a compromised host.
The Threat Name is botnet, and the Detect Pattern is the destination IP.
- Double-click the row for the detect pattern.
You can review the related logs for the IOC.