Fortinet black logo

Administration Guide

Home FortiDeceptor 3.0.0 Administration Guide
3.0.0
5.3.0
5.2.0
5.1.0
5.0.0
4.3.0
4.2.0
4.1.1
4.1.0
4.0.2
4.0.1
4.0.0
3.3.3
3.3.2
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.1
3.1.0
3.0.2
3.0.1
3.0.0
2.1.0
2.0.0
1.1.0
1.0.1

Quarantine Status

Quarantine Status

The Quarantine Status page displays the status of blocking and quarantined IP addresses. It also lets you manually block or unblock devices. The following options are available:

Refresh

Refresh the page to get the latest data.

Block

Manually send a blocking request for the selected attacker IP addresses.

Unblock

Manually send an unblocking request for the selected attack IP addresses.

The following information is displayed:

Attacker IP address

IP addresses of blocked attacker.

Start

Start time of blocking behavior.

End

End time of blocking behavior.

Handler Address

IP address of the integrated FortiGate.

Handler

The integrated device type.

Handle Type

Blocking type, manual, or automatic quarantine.

VDOM

VDOM of the integrated FortiGate.

Time Remaining

The remaining blocking time.

Status

Current status of the attacker.

Message

Related message for the blocking entry.

IOC Export

The IOC Export function exports the IOC file in CSV format for a specified time period. The CSV file can be processed by third party Threat Intelligence Platforms. The file contains the TimeStamp, Incident time, Attacker IP, related files, and WCF (Web Content Filtering) events. You can choose to include MD5 checksums, WCF category, and reconnaissance alerts.

Previous
Next

Quarantine Status

The Quarantine Status page displays the status of blocking and quarantined IP addresses. It also lets you manually block or unblock devices. The following options are available:

Refresh

Refresh the page to get the latest data.

Block

Manually send a blocking request for the selected attacker IP addresses.

Unblock

Manually send an unblocking request for the selected attack IP addresses.

The following information is displayed:

Attacker IP address

IP addresses of blocked attacker.

Start

Start time of blocking behavior.

End

End time of blocking behavior.

Handler Address

IP address of the integrated FortiGate.

Handler

The integrated device type.

Handle Type

Blocking type, manual, or automatic quarantine.

VDOM

VDOM of the integrated FortiGate.

Time Remaining

The remaining blocking time.

Status

Current status of the attacker.

Message

Related message for the blocking entry.

IOC Export

The IOC Export function exports the IOC file in CSV format for a specified time period. The CSV file can be processed by third party Threat Intelligence Platforms. The file contains the TimeStamp, Incident time, Attacker IP, related files, and WCF (Web Content Filtering) events. You can choose to include MD5 checksums, WCF category, and reconnaissance alerts.

Previous
Next