Network Attacks
Network Attacks are known attacks detected by the Network Intrusion Protection database. FortiNDR can detect North-South and East-West IPS attacks, depending on where the NDR sniffer port(s) are placed.
The Network Attacks monitor displays the following information:
Column | Description |
---|---|
Sensor (Center mode) | The network sensor. Hover over the sensor's ID to view the IP Address, Serial number (S/N), Last Sync Time and Status. |
URL Category | The URL category. |
Attack Name | The attack name provided by FortiGuard. Hover over the name to view the Impact, Product List and Recommended Action. You can also use this column to explore the attack name and search FortiGuard. |
Anomaly Severity | The anomaly severity (Not Anomaly, Info, Low, Medium, High or Critical). |
Count (Historic) | The total number of times the anomaly was observed. |
Count (Past week) | The total number of times the anomaly was observed during the past week. |
First Timestamp | The timestamp for the first time the anomaly was detected. |
Source Vendor | The source vendor, such as VMware, Dell Inc or Hewlett Packard. |
To view the attack information:
- Click Explore Attack Name. The Attack Name Information pane displays the following information:

Field | Description |
---|---|
Attack Name | The attack name. |
Description | A description of the attack. |
Impact | The impact of the attack on your network. |
Product List | The affected products. |
CVE List | The Common Vulnerabilities and Exposures list. |
Mitre Attack Technique | The Mitre Attack Technique. Click the question mark (?) to view the details about the technique. |
Recommended Action | The recommended actions to mitigate the attack. |

For information about muting rules, see NDR Muting.