Administration Guide

Network Attacks

Network Attacks are known attacks detected by the Network Intrusion Protection database. FortiNDR can detect North-South and East-West IPS attacks, depending on where the NDR sniffer port(s) are placed.

The Network Attacks monitor displays the following information:

| Column | Description |
| --- | --- |
| Sensor (Center mode) | The network sensor. Hover over the sensor's ID to view the IP Address, Serial number (S/N), Last Sync Time and Status. |
| URL Category | The URL category. |
| Attack Name | The attack name provided by FortiGuard. Hover over the name to view the Impact, Product List and Recommended Action. You can also use this column to explore the attack name and search FortiGuard. |
| Anomaly Severity | The anomaly severity (Not Anomaly, Info, Low, Medium, High or Critical). |
| Count (Historic) | The total number of times the anomaly was observed. |
| Count (Past week) | The total number of times the anomaly was observed during the past week. |
| First Timestamp | The timestamp for the first time the anomaly was detected. |
| Source Vendor | The source vendor, such as VMware, Dell Inc or Hewlett Packard. |

To view the attack information:
  • Click Explore Attack Name. The Attack Name Information pane displays the following information:
    Attack Name: The attack name.
    Description: A description of the attack.
    Impact: The impact of the attack on your network.
    Product List: The affected products.
    CVE List: The Common Vulnerabilities and Exposures list.
    Mitre Attack Technique: The Mitre Attack Technique. Click the question mark (?) to view the details about the technique.
    Recommended Action: The recommended actions to mitigate the attack.
For information about muting rules, see NDR Muting.
