FortiGate C&C Detection in SOC View 6.4.3

The IOC scan feature has been enhanced to allow FortiAnalyzer to include FortiGate C&C detection in Compromised Hosts in the SOC View.

To view C&C attack logs:
  1. Go to FortiView > Compromised Hosts.
  2. Under Verdict, click Infected.

    The C&C events have a Detect Method of detected-by-fgt and Log Type of attack.

  3. Drill down to view the log details. C&C logs will have an Attack Name matching *.Botnet.

To view C&C message logs:
  1. Go to FortiView > Compromised Hosts.
  2. Under Verdict, click Infected.

    The C&C events have a Detect Method of detected-by-fgt and Log Type of attack.

  3. Drill down to see the log details. The C&C logs appear under Message as Botnet C&C.
