fcb
Contributor

Automation Stitch:auto.compromised.host is triggered.

Is this thing just trying to scare me?

FGT[FG200] Automation Stitch:auto.compromised.host is triggered.
date=2021-04-05 time=14:21:27 logid="0100022953" type="event" subtype="system" level="warning" vd="root" eventtime=1617646887419280502 tz="-0400" logdesc="Compromised host detected" devid="FG200E4Q17912606" vd="root" msg="IOC detected by FortiAnalyzer" srcip="10.111.12.10"

When I look them up on analyzer most are "newly registered domain visited" but some are: "Traffic to C&C:sync.console.adtarget.com.tr, Traffic path: PolicyID 71\\wan1\\209.205.217.82:443"

I understand what that is saying but there are several right now on our network so I also find it hard to imagine that we've really got up to ten hosts infected and talking to a C&C - Hell, we run a pretty tight ship on AV, HIPS, Secureworks, etc.