Technical Tip: How to view session information for a compromised host
Description
The top compromised hosts can be used by the Verdict widget to view the session information for a compromised host.
This article describes how to view session information for a compromised host.
Scope
FortiGate.
Solution
To view session information for a compromised host from the GUI:
- Go to Dashboard -> Security and expand the top Compromised hosts by the verdict widget.
- Select a compromised host to view the session information. Selecting a compromised host is also possible. Choose one and then select 'View Sessions'.
- Select a session, or select the session and 'View Sessions' to view the information.
It will be necessary to take actions for flags to be cleared.
By default, all log types are selected, and the scan will cover the past 14 days. The maximum recommended number of scan days is calculated based on historical scan speeds, or defaults to 30 days if no previous scans have been done.