Fortinet black logo

User Guide

Home FortiRecon 22.2.0 User Guide
22.2.0
24.2.0
24.1.b
24.1.a
24.1.0
23.4.a
23.4.0
23.3.a
23.3.0
23.2.b
23.2.a
23.2.0
23.1.b
23.1.a
23.1.0
22.4.a
22.4.0
22.3.0
22.2.0

Exporting phishing results

Exporting phishing results

When FortiRecon detects that your web page has been cloned and hosted on a new IP address, a campaign is automatically created on the Phishing tab. A campaign tracks information on compromised users and allows you to add notes for internal tracking as needed.

You can download a Microsoft Excel file to your computer with information on the phishing campaign. Campaign information includes details on the URL and IP address where the phishing page is hosted. This information is important for initiating web page takedown.

To export phishing campaign information:

  1. Go to Brand Protection > Phishing and select a campaign.

  2. Filter for the information you want:

    1. Filter users by a date range:
      1. Click Date Range. Two calendars are displayed.
      2. In the left calendar, select a month, year, and day to specify the start date of the range.
      3. In the right calendar, select a month, year, and day to specify the end date of the range.

        Only users from the date range are displayed.

      4. Click the Date Range box, and click X to remove the date range filter.

    2. Search for email addresses:

      1. In the Type and hit Enter to Search box, type a full or partial email address, and press Enter.

        The users are filtered to display only users with the email address information provided.

      2. Click the X beside the email address to remove the filter.

  3. Select the Compromised Users you want to include in the report.

  4. Click the Export Result dropdown.

  5. Select Export Campaign IOC. A Microsoft Excel file is downloaded to your computer.

Note

You can also export the file using the Export Result button.
Previous
Next

Exporting phishing results

When FortiRecon detects that your web page has been cloned and hosted on a new IP address, a campaign is automatically created on the Phishing tab. A campaign tracks information on compromised users and allows you to add notes for internal tracking as needed.

You can download a Microsoft Excel file to your computer with information on the phishing campaign. Campaign information includes details on the URL and IP address where the phishing page is hosted. This information is important for initiating web page takedown.

To export phishing campaign information:

  1. Go to Brand Protection > Phishing and select a campaign.

  2. Filter for the information you want:

    1. Filter users by a date range:
      1. Click Date Range. Two calendars are displayed.
      2. In the left calendar, select a month, year, and day to specify the start date of the range.
      3. In the right calendar, select a month, year, and day to specify the end date of the range.

        Only users from the date range are displayed.

      4. Click the Date Range box, and click X to remove the date range filter.

    2. Search for email addresses:

      1. In the Type and hit Enter to Search box, type a full or partial email address, and press Enter.

        The users are filtered to display only users with the email address information provided.

      2. Click the X beside the email address to remove the filter.

  3. Select the Compromised Users you want to include in the report.

  4. Click the Export Result dropdown.

  5. Select Export Campaign IOC. A Microsoft Excel file is downloaded to your computer.

Note

You can also export the file using the Export Result button.
Previous
Next