Network reconnaissance events detection

A new factory default event handler is available to detect network reconnaissance activities from attackers. This event handler has 11 filters and is enabled by default.

To view the network reconnaissance events handler:
  1. Go to FortiSoC > Handlers > Event Handler List.

    The Default-Recon-Activity-By-Endpoint event handler is enabled by default.

  2. Double-click Default-Recon-Activity-By-Endpoint to view the 11 predefined filters.

To view events generated by the recon activity handler:
  1. Go to FortiSoC > Event Monitor > All Events.
  2. Filter by Handler = Default-Recon-Activity-By-Endpoint.
