Fortinet black logo

Administration Guide

Finding FortiGate C&C detection logs

Finding FortiGate C&C detection logs

FortiGate detected botnet events while performing an IOC scan. The administrator wants to view the C&C and logs with SOC view in Compromised Hosts.

To view C&C detection logs:
  1. Go to FortiView > Compromised Hosts.
  2. In the main view, right-click an entry and select Blocklist, or double-click an entry. The Blocklist is displayed. C&C detection logs have the following values:
    ColumnValue
    Threat Name

    *.Botnet (for example, Asprox.Botnet)

    Detect Methoddetected-by-fgt
    Log Type attack
  3. In the Blocklist drill-down view, double-click an entry to view related logs. Log View is displayed.

    C&C detection entries appear in either the Attack Name or Message columns with one of the following values:

    ColumnValue
    Attack Name*.Botnet (for example, Asprox.Botnet)
    MessageBotnet C&C * (for example, Botnet C&C Communication)

Finding FortiGate C&C detection logs

FortiGate detected botnet events while performing an IOC scan. The administrator wants to view the C&C and logs with SOC view in Compromised Hosts.

To view C&C detection logs:
  1. Go to FortiView > Compromised Hosts.
  2. In the main view, right-click an entry and select Blocklist, or double-click an entry. The Blocklist is displayed. C&C detection logs have the following values:
    ColumnValue
    Threat Name

    *.Botnet (for example, Asprox.Botnet)

    Detect Methoddetected-by-fgt
    Log Type attack
  3. In the Blocklist drill-down view, double-click an entry to view related logs. Log View is displayed.

    C&C detection entries appear in either the Attack Name or Message columns with one of the following values:

    ColumnValue
    Attack Name*.Botnet (for example, Asprox.Botnet)
    MessageBotnet C&C * (for example, Botnet C&C Communication)