Skip to main content
nateweso
nateweso
New Member
April 22, 2022
Question

Get ISDB\Internet Service Name in Traffic Logs?

  • April 22, 2022
  • 1 reply
  • 2339 views

Hello,

I'd like to know if it is possible to include the ISDB name in the FortiGate/FortiAnalyzer traffic logs.  I've had access to this information with another vendor and am curious if it can be done with FortiNet.

 

This log enrichment would be extremely valuable in threat hunting efforts, where traffic can be immediately identified and associated with the source, as opposed seeing an IP that must be manually looked up.

 

For context, I've had a lot of success identifying compromised hosts and user accounts by simply searching for inbound traffic originating from VPN vendors and commonly-abused US-based cloud hosting providers like Digital Ocean, AWS, etc.

 

1 reply

jimsokol
jimsokol
New Member
April 22, 2022

A given IP can be in more than one, sometime numerous categories, some benign, some malicious

nateweso
natewesoAuthor
New Member
April 22, 2022

That makes sense and thank you for the reply.  In that case I can see why it is probably not possible to do what I am looking for.

 

I think what I am really looking is if FortiNet had the ability to append the ASN (Name or Number) to routable IPs, and make that available in the logs.  I am also working on this with my current SIEM vendor, Logrhythm but unfortunately they do not have similar log enrichment capability.

Debbie_FTNT
Staff & Editor
Debbie_FTNT
Staff & Editor
April 22, 2022

Hey nateweso,

FortiGate/Fortinet products can't attach ASN information to logs as far as I'm aware, my apologies.

They can however perform reverse lookups on destination IPs and add that information to the logs.

A short KB on the reverse lookup option: https://community.fortinet.com/t5/FortiGate/Technical-Note-Hostname-and-Destination-name-in-traffic-and-UTM/ta-p/197188

I'm not entirely sure if this is in the general direction what you might be looking for.

Terms & ConditionsAccessibility statement