Quarantine Status
The Quarantine Status menu displays the status of blocking/quarantine IP addresses. It also lets you manually block/unblock devices. Following options are available:
Refresh |
Refresh the page to get latest data. |
Block |
Manually send a blocking request for the selected attacker IP addresses in the table. |
Unblock |
Manually send an unblocking request for the selected attack IP addresses in the table. |
The following information is displayed:
Attacker IP |
The IP addresses of blocked attacker. |
Start |
The start time of blocking behavior. |
End |
The end time of blocking behavior. |
Handler Address |
The IP address of the integrated FortiGate. |
Handler |
|
Handle Type |
The blocking type, manual or automatic quarantine. |
Time to Live |
The blocking time period. |
Status |
The current status of the attacker. |
Message |
The related message for the blocking entry. |
IOC Export
The IOC Export function exports the IOC file in CSV format for a specified time period. The CSV file can be processed by third party Threat Intelligence Platforms. The file contains the TimeStamp, Incident time, Attacker IP, related files and WCF (Web Content Filtering) events. The export configuration includes MD5 checksums, WCF category and Reconnaissance Alerts.