Quarantine Status

The Fabric > Quarantine Status page displays the status of blocked and quarantined IP addresses. It also lets you manually block or unblock devices. The following options are available:

Refresh

Refresh the page to get the latest data.

Block

Manually send a blocking request for the selected attacker IP addresses.

Unblock

Manually send an unblocking request for the selected attacker IP addresses.

The following information is displayed:

Attacker IP

IP address of the blocked attacker.

Start

Start time of blocking behavior.

End

End time of blocking behavior.

Handler Address

IP address of the integrated FortiGate.

Handler

The integrated device type.

Handle Type

Blocking type: manual or automatic quarantine.

VDOM

VDOM of the integrated FortiGate.

Blocker Name

Alias of the FortiGate that blocks the attacker IP address. This is the Name field in Fabric > FortiGate Integration.

Time Remaining

The remaining blocking time.

Status

Current status of the attacker.

Message

Related message for the blocking entry.

IOC Export

Use the Fabric > IOC Export page to export the IOC file in CSV format for a specified time period. The CSV file can be processed by third-party Threat Intelligence Platforms. The file contains the TimeStamp, Incident time, Attacker IP, related files, and WCF (Web Content Filtering) events. You can include MD5 checksums, WCF category, and reconnaissance alerts.
