Analysis
Incident > Analysis lists the Incidents detected by FortiDeceptor.
To use the Analysis page:
- Go to Incident > Analysis.
- The Analysis page displays the list of events:
Severity
Severity of the event.
Last Activity
Date and time of the last activity.
Type
Type of event.
Attacker IP
Attacker IP mask.
Attacker User
Attacker username.
Victim IP
Victim Port
Port of the victim.
Lure
Name of the lure service.
Decoy ID
Unique ID of the Decoy VM.
ID
ID of the incident.
Attacker Port
Port where the attack originated.
Tag Key
Unique key string for the incident.
Password used by the attacker.
Start
Date and time when the attack started.
- To refresh the data, click Refresh.
- To download the detailed analysis report in PDF format, click Export to PDF.
- To mark items as read, expand the incident details or click Mark all as read.
Newly-detected incidents are in bold to indicate they are unread.
- To display specific types of events, click Show Interaction Events Only (default), IPS Events Only, Web Filter Events Only, or All.
- To specify columns and table settings, use the Settings icon at the bottom right.