Fortinet black logo

Administration Guide

Working with Compromised Hosts information

Working with Compromised Hosts information

Go to SOC > FortiView > Threats > Compromised Hosts.

When viewing Compromised Hosts:

  • Use the widget settings icon to select Table or Users format, set the refresh interval, and modify other widget settings.
  • Use the tools icon to export the information, edit rescan configuration, and set additional display options.
  • Use the toolbar to select devices, specify a time period, refresh the view, select a theme (Day, Night, and Ocean), and switch to full-screen mode.

When you view an event, the # of Threats is the number of unique Threat Names associated with that compromised host (end user).

When you drill down to view details, the # of Events is the number of logs matching each blacklist entry for that compromised host (end user).

  • To acknowledge a Compromised Hosts line item, click Ack on that line.
  • To filter entries, click Add Filter and specify devices or a time period.
  • To drill down and view threat details, double-click a tile or a row.

Incorrectly rated IOCs can be reported within the Threat Intel Lookup screen, accessible by double-clicking on an End User, selecting the detected pattern from the Blacklist, and clicking Report Misrated IOC.

Working with Compromised Hosts information

Go to SOC > FortiView > Threats > Compromised Hosts.

When viewing Compromised Hosts:

  • Use the widget settings icon to select Table or Users format, set the refresh interval, and modify other widget settings.
  • Use the tools icon to export the information, edit rescan configuration, and set additional display options.
  • Use the toolbar to select devices, specify a time period, refresh the view, select a theme (Day, Night, and Ocean), and switch to full-screen mode.

When you view an event, the # of Threats is the number of unique Threat Names associated with that compromised host (end user).

When you drill down to view details, the # of Events is the number of logs matching each blacklist entry for that compromised host (end user).

  • To acknowledge a Compromised Hosts line item, click Ack on that line.
  • To filter entries, click Add Filter and specify devices or a time period.
  • To drill down and view threat details, double-click a tile or a row.

Incorrectly rated IOCs can be reported within the Threat Intel Lookup screen, accessible by double-clicking on an End User, selecting the detected pattern from the Blacklist, and clicking Report Misrated IOC.