Quarantine Status
The Quarantine Status page displays the status of blocking and quarantined IP addresses. It also lets you manually block or unblock devices. The following options are available:
Refresh |
Refresh the page to get the latest data. |
Block |
Manually send a blocking request for the selected attacker IP addresses. |
Unblock |
Manually send an unblocking request for the selected attack IP addresses. |
The following information is displayed:
Attacker IP address |
IP addresses of blocked attacker. |
Start |
Start time of blocking behavior. |
End |
End time of blocking behavior. |
Handler Address |
IP address of the integrated FortiGate. |
Handler |
|
Handle Type |
Blocking type, manual, or automatic quarantine. |
VDOM |
VDOM of the integrated FortiGate. |
Time Remaining |
The remaining blocking time. |
Status |
Current status of the attacker. |
Message |
Related message for the blocking entry. |
IOC Export
The IOC Export function exports the IOC file in CSV format for a specified time period. The CSV file can be processed by third party Threat Intelligence Platforms. The file contains the TimeStamp, Incident time, Attacker IP, related files, and WCF (Web Content Filtering) events. You can choose to include MD5 checksums, WCF category, and reconnaissance alerts.