Finding FortiGate C&C detection logs
FortiGate detected botnet events while performing an IOC scan. The administrator wants to view the C&C and logs with SOC view in Compromised Hosts.
To view C&C detection logs:
- Go to FortiView > Threats > Compromised Hosts.
- In the main view, right-click an entry and select Blocklist, or double-click an entry. The Blocklist is displayed. C&C detection logs have the following values:
Column Value Threat Name *.Botnet
(for example,Asprox.Botnet
)Detect Method detected-by-fgt
Log Type attack
- In the Blocklist drill-down view, double-click an entry to view related logs. Log View is displayed.
C&C detection entries appear in either the Attack Name or Message columns with one of the following values:
Column Value Attack Name *.Botnet
(for example,Asprox.Botnet
)Message Botnet C&C *
(for example,Botnet C&C Communication
)