Working with Compromised Hosts information
Go to SOC > FortiView > Threats > Compromised Hosts.
When viewing Compromised Hosts:
- Use the widget settings icon to select Table or Users format, set the refresh interval, and modify other widget settings.
- Use the tools icon to export the information, edit rescan configuration, and set additional display options.
- Use the toolbar to select devices, specify a time period, refresh the view, select a theme (Day, Night, or Ocean), and switch to full-screen mode.
When you view an event, the # of Threats is the number of unique Threat Names associated with that compromised host (end user).
When you drill down to view details, the # of Events is the number of logs matching each blacklist entry for that compromised host (end user).
- To acknowledge a Compromised Hosts line item, click Ack on that line.
- To filter entries, click Add Filter and specify devices or a time period.
- To drill down and view threat details, double-click a tile or a row.
Incorrectly rated IOCs can be reported from the Threat Intel Lookup screen: double-click an End User, select the detected pattern from the Blacklist, and click Report Misrated IOC.