Session tab
The Session tab lists all the sessions related to the same anomaly type (such as Network Attacks and Encrypted Attack). Each row is an anomaly event. A session with multiple anomaly events under the same anomaly type has multiple rows with the same session ID.
By default, the Session tab displays the following information:
Column | Description |
---|---|
Open Time | The date and time the session started. |
Anomaly Severity | The anomaly severity (Not Anomaly, Info, Low, Medium, High or Critical). |
Src IP | The source IP. |
Source Network | The source network. You can use this column to filter IP addresses based on the category of the IP, such as Internal, External (public addresses), Broadcast, Multicast address, Loopback, Reserved Address and Link-local Address. You can filter for both IPv4 and IPv6 Addresses. |
Dst IP | The destination IP. |
Destination Network | Filter IP addresses based on the category of the IP, such as Internal, External (public addresses), Broadcast, Multicast address, Loopback, Reserved Address and Link-local Address. You can filter for both IPv4 and IPv6 Addresses. |
Attack Name | The attack name provided by FortiGuard. Hover over the name to view the Impact, Product List and Recommended Action. You can also use this column to explore the attack name and search FortiGuard. |
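The following is an added example, not FortiNDR code or a product export format: it collapses one-row-per-anomaly-event data into one entry per session ID and assigns each address to one of the network categories listed for the Source Network and Destination Network columns. The row field names are hypothetical, the sample rows are constructed, and treating "Internal" as private (RFC 1918 / IPv6 ULA) address space is an assumption; the product may classify addresses differently.

```python
import ipaddress
from collections import defaultdict

# Severity scale in the order the Anomaly Severity column lists it.
SEVERITIES = ["Not Anomaly", "Info", "Low", "Medium", "High", "Critical"]

def network_category(addr: str) -> str:
    """Map an IPv4/IPv6 address to one of the page's network categories.
    Assumption: 'Internal' means private (RFC 1918 / IPv6 ULA) space."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "Loopback"
    if ip.is_link_local:
        return "Link-local Address"
    if ip.is_multicast:
        return "Multicast address"
    # Only the limited broadcast address; directed broadcast needs the subnet mask.
    if ip.version == 4 and ip == ipaddress.IPv4Address("255.255.255.255"):
        return "Broadcast"
    if ip.is_reserved:
        return "Reserved Address"
    # is_private also covers loopback and link-local, so it is tested last.
    return "Internal" if ip.is_private else "External"

def summarize_sessions(rows):
    """Collapse one-row-per-anomaly-event data into one entry per session ID."""
    sessions = defaultdict(lambda: {"events": 0, "max_severity": "Not Anomaly"})
    for row in rows:
        s = sessions[row["session_id"]]
        s["events"] += 1
        if SEVERITIES.index(row["severity"]) > SEVERITIES.index(s["max_severity"]):
            s["max_severity"] = row["severity"]
        s["src_network"] = network_category(row["src_ip"])
        s["dst_network"] = network_category(row["dst_ip"])
    return dict(sessions)

# Constructed sample rows (hypothetical field names, not a product export format).
ROWS = [
    {"session_id": "1001", "severity": "Low", "src_ip": "10.1.2.3", "dst_ip": "8.8.8.8"},
    {"session_id": "1001", "severity": "High", "src_ip": "10.1.2.3", "dst_ip": "8.8.8.8"},
    {"session_id": "1002", "severity": "Info", "src_ip": "fe80::1", "dst_ip": "ff02::1"},
    {"session_id": "1003", "severity": "Medium", "src_ip": "fd00::5", "dst_ip": "255.255.255.255"},
]

if __name__ == "__main__":
    for sid, info in summarize_sessions(ROWS).items():
        print(sid, info)
```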
Session Information
Double-click a session in the list to view the Session Information page. The following information is displayed:
- General
- Anomaly
- Additional Information
- Source Device
- Destination Device
View source and destination devices
You can view the source and destination device from the View Device dropdown in the Session tab. The Session tab is available in all the Network Insights monitors except for Device History.
To view the source and destination devices:
- In the Session tab, select a record in the table.
- Click View Device > View Source Device, or View Destination Device. The Information and Malware Host Story tabs are displayed.
View sessions
To view the session page:
- Select a record in the Session tab and click View Session. The Session page opens.
You can use the right-side navigation to move up and down the page.
The Session page contains the following information:
Anomaly
Session Information
Device Information
Activity
ML Discovery
Detection Information
Mitre Attack
The Mitre Attack widget tracks the number of events that occurred for each MITRE ATT&CK tactic category. For more information, see MITRE ATT&CK.