Administration Guide

Host Story

Host Story organizes malware attacks by host IP address, while Attack Scenario organizes malware attacks by attack type. The Host Story view helps you examine a host to see when the infections first took place. For example, a host might be obviously infected with ransomware because a ransomware note is displayed on the end user's machine. However, many people might not know that the ransomware came from a dropper/downloader, which can download malicious files to the same host. A timetable based on host information allows SOC analysts to understand the attack as a timeline. For example, a dropper might lie dormant on the PC for days until C&C kicks in to download other malicious code. Double-click a detection row to see what was happening during that attack.

The Host Story summary page shows incident counts grouped by severity for each infected host.
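The same host-centric grouping can be reproduced offline when triaging exported detections. The following is an added example, not Fortinet code: it groups constructed detection records by host, orders them by time, and reports severity counts, the first detection, and the longest quiet period between detections. The record field names, timestamps, and the second host are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample detections. Field names are assumptions, not a product export format.
DETECTIONS = [
    {"time": "2024-03-01T09:14:00", "host": "172.19.236.180", "type": "Downloader", "severity": "Medium"},
    {"time": "2024-03-04T02:47:00", "host": "172.19.236.180", "type": "Ransomware", "severity": "Critical"},
    {"time": "2024-03-04T02:41:00", "host": "172.19.236.180", "type": "C&C", "severity": "High"},
    {"time": "2024-03-02T11:05:00", "host": "10.0.0.7", "type": "Adware", "severity": "Low"},
]

def build_host_stories(detections):
    """Group detections by host IP and sort each host's detections by time."""
    stories = defaultdict(list)
    for d in detections:
        stories[d["host"]].append({**d, "time": datetime.fromisoformat(d["time"])})
    for events in stories.values():
        events.sort(key=lambda e: e["time"])
    return dict(stories)

def summarize(events):
    """Summarize one host's time-ordered detections."""
    # Gap between each pair of consecutive detections: (duration, earlier type, later type).
    gaps = [(b["time"] - a["time"], a["type"], b["type"]) for a, b in zip(events, events[1:])]
    return {
        "severity_counts": dict(Counter(e["severity"] for e in events)),
        "first_detection": events[0]["type"],
        "first_seen": events[0]["time"],
        # A long quiet gap before a burst of activity suggests a dormant dropper.
        "longest_gap": max(gaps, key=lambda g: g[0], default=None),
    }

if __name__ == "__main__":
    for host, events in build_host_stories(DETECTIONS).items():
        s = summarize(events)
        print(host, s["severity_counts"], "first:", s["first_detection"], s["first_seen"])
        if s["longest_gap"]:
            gap, before, after = s["longest_gap"]
            print(f"  longest quiet period: {gap} between {before} and {after}")
```
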

The Host Story bubble displays the total number of hosts that have been attacked. Hovering over the bubble reveals a detailed distribution of the attack count for each individual host.

The bubble next to host 172.19.236.180 in the following example indicates the number of attack severity types found on that specific host. Hovering over the bubble reveals a detailed distribution of each severity type.