Network reconnaissance events detection

A new factory default event handler is available to detect network reconnaissance activities by attackers. This event handler has 11 filters and is enabled by default.

To view the network reconnaissance events handler:
  1. Go to FortiSoC > Handlers > Event Handler List.

    The Default-Recon-Activity-By-Endpoint event handler is enabled by default.

  2. Double-click Default-Recon-Activity-By-Endpoint to view the 11 predefined filters.

To view events generated by the recon activity handler:
  1. Go to FortiSoC > Event Monitor > All Events.
  2. Filter by Handler = Default-Recon-Activity-By-Endpoint.
