ajones
New Member
November 18, 2022
Question

FG-VD-08-023-Apple false positives


Hello! Is it possible to review disabling this alert? In every event that has happened, the customer states that the devices are not even Apple products and you have never updated what the vulnerability actually was (https://www.fortiguard.com/encyclopedia/ips/15799). Any help on this would be appreciated. Thank you, Mandy

4 replies

Anthony_E
Staff
November 21, 2022

Hello Mandy,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Best Regards
Anthony_E
Staff
November 24, 2022

Hello Mandy,

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Best Regards
ajones
Author
New Member
December 8, 2022

Hi Anthony! Thanks for still checking in on this. I've been following along still waiting, as this still seems to be an issue.

Anthony_E
Staff
December 8, 2022

Hello ajones,

I do not have an answer from my side; I will push.

Regards,

Best Regards
Stephen_G
Moderator
December 13, 2022

Hello Mandy,

I apologize for the delay in getting an answer for you. There's a solution that may work depending on what the source of the alert is. If the notification is coming from a log message, you may be able to filter out log entries featuring that notification.

Can you provide a screenshot of the alert, please? It may be possible to figure out the source.

Kind regards,

Stephen

Stephen_G - Fortinet Community Team
ajones
Author
New Member
April 12, 2023

Hi Stephen! I apologize for the incredibly long delay; I didn't see this response before I went on leave. Hope this helps!

"fortinet": {
"event": {
"severity": 6
},
"firewall": {
"action": "dropped",
"attack": "FG-VD-08-023-Apple",
"attackid": "15799",
"craction": "16384",
"crlevel": "medium",
"crscore": "10",
"dstcountry": "Reserved",
"dstintfrole": "dmz",
"eventtype": "signature",
"incidentserialno": "202071479",
"sessionid": "76715777",
"severity": "medium",
"srccountry": "Reserved",
"srcintfrole": "dmz",
"subtype": "ips",
"type": "utm",
"vd": "root"