Analysis

Incident > Analysis lists the Incidents detected by FortiDeceptor. You can download the detailed analysis report by clicking Export to PDF.

To use the Analysis page:
  1. Go to Incident > Analysis.
  2. The Analysis page displays the list of events:

    Severity: Severity of the event.
    Last Activity: Date and time of the last activity.
    Type: Type of event.
    Attacker IP: Attacker IP mask.
    Attacker User: Attacker username.
    Victim IP: IP address of the victim.
    Start: Date and time when the attack started.
    Attacker Port: Port where the attack originated.
    Attacker Type: The attacker type is shown as Unknown, Connection, Interaction, or Reconnaissance.
    Victim Port: Port of the victim.
    Attacker Password: Password used by the attacker.
    Download File: If the Decoy VM captured network traffic or files, download the PCAP files or dumped files.
    Timeline: Click Timeline to see the entire timeline of all the Incidents from start to finish.
    Table: Click Table to see all the Incidents in table view.

  3. To refresh the data, click Refresh.
  4. To download the detailed analysis report in PDF format, click Export to PDF.
  5. To mark items as read, expand the incident details or click Mark all as read.

    Newly detected incidents are shown in bold to indicate that they are unread.

  6. To display specific types of events, click Show All, IPS Events Only, or Web Filter Events Only.
