Working with Compromised Hosts information
Go to FortiView > FortiView > Threats > Compromised Hosts.
To navigate the Compromised Hosts dashboard:
- Use the toolbar icons to select the table, user ioc, or bubble view.
- Use the export icon to export table information into a PDF or report chart.
- Use settings to edit rescan configuration, and set additional display options, including Show Only Rescan and Show Acknowledged.
- Use the toolbar to select devices, specify a time period, refresh the view, or enable Dark Mode.
When viewing the Compromised Hosts dashboard, # of Threats is the number of unique threat names associated with that compromised host (end user).
- To acknowledge a Compromised Hosts line item, click Ack on that line.
- To filter entries, click Add Filter and specify devices or a time period.
- To drill down and view threat details, double-click a tile or a row.
When viewing threat details, the # of Events is the number of logs matching each blacklist entry for that compromised host (end user).
Incorrectly rated IOCs can be reported after drilling down to view threat details. Click the Detect Pattern for the row, and, in the Information dialog, click report Misrated IOC.