Analysis

The Analysis page lists the Incidents detected by FortiDeceptor. To download the detailed Analysis report, use the Export to PDF option.

To see the list of Events:
  1. Go to Incident > Analysis.
  2. The following information is shown:
    Severity           Severity of the Event is shown as Critical, High, Medium, Low, or Unknown.
    Last Activity      Date and time of the last activity.
    Type               Type of Event.
    Attacker IP Mask   IP mask of the attacker.
    Attacker User      User name of the attacker.
    Victim IP          IP address of the victim.
    Start              Date and time when the attack started.
    Attacker Port      Port from where the attack originated.
    Attacker Type      The Attacker type is shown as Unknown, Connection, Interaction, or Reconnaissance.
    Victim Port        Port of the victim.
    Attacker Password  Password used by the attacker.
    Download File      Download the PCAP files or dumped files, if the Decoy VM captured network traffic or files.
    Timeline           Click Timeline to see the entire timeline of all the Incidents from start to finish.
    Table              Click Table to see all the Incidents in a table view.

To refresh the data:

Click Refresh to refresh the data.

To export to PDF:
  1. Click Export to PDF.
  2. Click OK to save the PDF.

To mark all items as read:

Newly detected incidents are displayed in bold to indicate that they are unread. Rows can be marked as read by expanding the Incident details or by clicking the Mark all as read button.

Show Options:

The radio buttons beside the Show label are as follows: All displays all incidents and Events, IPS Events Only displays all incidents with IPS events, and Web Filter Events Only displays all incidents with Web Filter events. When the IPS Events Only or Web Filter Events Only radio button is selected, no other types of incidents are displayed until the All radio button is re-selected.
