Fortinet Document Library

Version:

Version:


Table of Contents

Download PDF
Copy Link

Analysis

The Analysis page lists the Incidents detected by FortiDeceptor. The detailed Analysis report can be downloaded from the Export to PDF option.

To see the list of Events:
  1. Go to Incident > Analysis.
  2. The following information is shown:
    Severity Severity of the Event is shown as Critical, High, Medium, Low, or Unknown.
    Last Activity Date and time of the last activity.
    Type Type of Event.
    Attacker IP Mask IP mask of the attacker.
    Attacker User User name of the attacker.
    Victim IP IP address of the victim.

    Start

    Date and time when the attack started.

    Attacker Port

    Port from where the attack originated.

    Attacker Type

    The Attacker type is shown as Unknown, Connection, Interaction, or Reconnaissance.

    Victim Port

    Port of the victim.

    Attacker Password

    Password used by the attacker.

    Download File

    Download the PCAP files or dumped files, if the deception VM captured network traffic or files.

    Timeline

    Click Timeline to see the entire timeline of all the Incidents from start to finish.

    Table

    Click Table to see all the Incidents in a table view.

To refresh the data:

Click Refresh to refresh the data.

To export to PDF:
  1. Click Export to PDF.
  2. Click OK to save the PDF.
To mark all items as read:

Newly detected incidents will be displayed in bold to indicate as unread. The rows can be marked as read by expanding the Incident details or by clicking the Mark all as read button.

Analysis

The Analysis page lists the Incidents detected by FortiDeceptor. The detailed Analysis report can be downloaded from the Export to PDF option.

To see the list of Events:
  1. Go to Incident > Analysis.
  2. The following information is shown:
    Severity Severity of the Event is shown as Critical, High, Medium, Low, or Unknown.
    Last Activity Date and time of the last activity.
    Type Type of Event.
    Attacker IP Mask IP mask of the attacker.
    Attacker User User name of the attacker.
    Victim IP IP address of the victim.

    Start

    Date and time when the attack started.

    Attacker Port

    Port from where the attack originated.

    Attacker Type

    The Attacker type is shown as Unknown, Connection, Interaction, or Reconnaissance.

    Victim Port

    Port of the victim.

    Attacker Password

    Password used by the attacker.

    Download File

    Download the PCAP files or dumped files, if the deception VM captured network traffic or files.

    Timeline

    Click Timeline to see the entire timeline of all the Incidents from start to finish.

    Table

    Click Table to see all the Incidents in a table view.

To refresh the data:

Click Refresh to refresh the data.

To export to PDF:
  1. Click Export to PDF.
  2. Click OK to save the PDF.
To mark all items as read:

Newly detected incidents will be displayed in bold to indicate as unread. The rows can be marked as read by expanding the Incident details or by clicking the Mark all as read button.