Hi all, I found that some hosts are found under Compromised Hosts.
1. Does it mean it is infected by malware? I scanned with AV and got nothing
2. One record show nylon.com is SpywareCnC but I checked it is a fashion website. Is it false alarm?
[link]http://nylon.com[/link]
Thank you!!
You check suspicious websites not on a FGT alone - use the 'net to get a picture what others say about it. If you really know that the rating is wrong you can challenge Fortinet to adjust their rating. Usually it only takes a short time until they respond.
A host may be compromised because of an AV event, but also IPS, Webfilter, SPAM, AppControl...this should be noted in the UTM logs.
Hello,
One questions, do you have a valid IOC license ? Or are you using the demo license?
Cheers
Hi brazz_FTNT ,
In relation to this topic, our FortiAnalyzer uses the Demo one.
And we also have some compromised hosts displayed. But show as blocked.
I see that there is Ack. Im not sure if we need to Acknowledge these.
Thanks for the advise.
Cheers :D
I using demo license only. thanks!
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.