The Compromised Hosts monitor leverages the data collected by FortiAnalyzer on the endpoints on your network. To see compromised hosts, the FortiAnalyzer must have a FortiGuard Indicators of Compromise license. The IOC service helps identify compromised hosts based on infected websites that it may have visited.
This monitor captures the same information as seen on the Compromised Hosts monitor on the FortiGate.
- Go to Security Operations Center > Compromised Hosts.
- In the left-hand pane, scroll through the user list.
The monitor displays three panes:
- The User Information pane displays the user's contact information and IP address.
- The Topology View pane displays the user's location in the topology.
- The Verdict View pane displays the Malware, Detected Method, and Security Action.