Connection tab
The Connection tab lists all the connection pairs for the anomaly type (such as Network Attacks and Encrypted Attack). Double-click an entry to explore the anomaly content for anomalies that have occurred within the same connection pair.
By default, the Connection tab displays the following information:
Column | Definition |
---|---|
Latest Timestamp | The date the record was updated. |
Src IP | The source IP. |
Source Network | The source network. You can use this column to filter IP addresses based on the category of the IP, such as Internal, External (public addresses), Broadcast, Multicast address, Loopback, Reserved Address and Link-local Address. You can filter for both IPv4 and IPv6 Addresses. |
Dst IP | The destination IP. |
Destination Network | The destination network. You can use this column to filter IP addresses based on the category of the IP, such as Internal, External (public addresses), Broadcast, Multicast address, Loopback, Reserved Address and Link-local Address. You can filter for both IPv4 and IPv6 Addresses. |
Src Port | The source port. |
Dst Port | The destination port. |
Count (Historic) | The total number of times the anomaly was observed. |
Count (Past week) | The total number of times the anomaly was observed during the past week. |
First Event Timestamp | The timestamp for the first time the anomaly event was detected. |
To view the sessions for a selected condition:
- In the Anomaly tab, double-click a record in the list. The Anomaly Information pane opens.
- Click the Analytic tab.
- Double-click a log in the list. The Sessions Log for selected condition pane opens. The connection pair information is displayed.
From the Session Log pane, you have the option of viewing the source and destination device and viewing the sessions. For more information, see Session tab.
Session Information
The Session Information pane contains two tabs: General and Analytic.
General tab
The General tab displays the following information:
- General
- Anomaly
- Additional Information
- Source Device
- Destination Device
Analytic tab
By default, the Analytic tab displays the following information about the connection pair:
Column | Definition |
---|---|
Anomaly Severity | The anomaly severity (Not Anomaly, Info, Low, Medium, High or Critical). |
Attack Name | The attack name provided by FortiGuard. Hover over the name to view the Impact, Product List and Recommended Action. You can also use this column to explore the attack name and search FortiGuard. |
Count (Historic) | The total number of times the anomaly was observed. |
Count (Past week) | The total number of times the anomaly was observed during the past week. |