Fortinet black logo

Administration Guide

Analysis

Copy Link
Copy Doc ID 5e5f427d-b811-11eb-92d0-00505692583a:810832
Download PDF

Analysis

Incident > Analysis lists the Incidents detected by FortiDeceptor.

To use the Analysis page:
  1. Go to Incident > Analysis.
  2. The Analysis page displays the list of events:

    Severity

    Severity of the event.

    Protocol

    Network protocol the attacker used to perform the attack.

    Last Activity

    Date and time of the last activity.

    Type

    Type of event.

    Attacker IP

    Attacker IP address.

    Attacker User

    Attacker username.

    Victim IP

    IP address of the victim.

    Victim Port

    Port of the victim.

    Decoy ID

    Unique ID of the Decoy VM.

    ID

    ID of the incident.

    Attacker Port

    Port where the attack originated.

    Tag Key

    Unique key string for the incident.

    Attacker Password

    Password used by the attacker.

    Start

    Date and time when the attack started.

  3. To refresh the data, click Refresh.
  4. To download the detailed analysis report in PDF format, click Export to PDF.
  5. To mark items as read, expand the incident details or click Mark all as read.

    Newly-detected incidents are in bold to indicate they are unread.

  6. To display specific types of events, click Show Interaction Events Only (default), IPS Events Only, Web Filter Events Only, or All.
  7. To specify columns and table settings, use the Settings icon at the bottom right.

Analysis

Incident > Analysis lists the Incidents detected by FortiDeceptor.

To use the Analysis page:
  1. Go to Incident > Analysis.
  2. The Analysis page displays the list of events:

    Severity

    Severity of the event.

    Protocol

    Network protocol the attacker used to perform the attack.

    Last Activity

    Date and time of the last activity.

    Type

    Type of event.

    Attacker IP

    Attacker IP address.

    Attacker User

    Attacker username.

    Victim IP

    IP address of the victim.

    Victim Port

    Port of the victim.

    Decoy ID

    Unique ID of the Decoy VM.

    ID

    ID of the incident.

    Attacker Port

    Port where the attack originated.

    Tag Key

    Unique key string for the incident.

    Attacker Password

    Password used by the attacker.

    Start

    Date and time when the attack started.

  3. To refresh the data, click Refresh.
  4. To download the detailed analysis report in PDF format, click Export to PDF.
  5. To mark items as read, expand the incident details or click Mark all as read.

    Newly-detected incidents are in bold to indicate they are unread.

  6. To display specific types of events, click Show Interaction Events Only (default), IPS Events Only, Web Filter Events Only, or All.
  7. To specify columns and table settings, use the Settings icon at the bottom right.