Skip to main content
rick777
rick777
New Member
March 15, 2023
Question

What does "Intrusion Victim" in the Fortianalyzer IPS report Mean ?

  • March 15, 2023
  • 3 replies
  • 2200 views

Hi,

After reviewing the Fortinet IPS report for the first time I see multiple counts for both internal IP and external URL (www.) under the sub heading of "Intrusion Victims" .

 

Unlike all the other sub headings such as "Intrusions blocked" and "Intrusions Monitored" from the IPS report which a clear to me the "Intrusion Victims" has me confused. What does it actually mean ? Is it a measure of successful intrusion on the given IP or URL ? or something else all together. 

 

Could someone please assist me in better understanding the true meaning and what cross check is required within what set of logs to determine if its a false positive or not ?

 Thanks Rick.

3 replies

Anthony_E
Staff
Anthony_E
Staff
March 20, 2023

Hello Rick,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony_E
Staff
Anthony_E
Staff
March 20, 2023

Hello Rick,

 

We are still looking for someone to help you.

We will come back to you ASAP.

Anthony_E
Staff
Anthony_E
Staff
March 20, 2023

Hello Rick,

 

I have found this Reddit discussion which can be helpful:

 

https://www.reddit.com/r/fortinet/comments/xzwpt8/does_intrusion_victim_in_a_fortianalyzer_report/

 

Could you please indicate to me if it helped?

 

Regards,

Terms & ConditionsCookie settingsAccessibility statement