Need evidence of FortiGate IPS detecting Covert Malware communication.
Hello Tamiltk,
Could you further explain what is occurring? Are there any logs under Log & Report -> Security Events -> IPS about traffic being bypassed/blocked?
There wasn't any incident triggered on this subject. I just need an artifact that FortiGate IPS does support Covert Malware communication detection.
Hi Tamiltk,
From the IPS signatures' point of view, we have signatures to detect botnet communication, remote access tools, reverse shells, etc. To detect communications over covert channels, make sure an IPS sensor with all signatures is enabled with the default action, as it should detect and/or block these communications.
Please enable deep inspection, as most of the traffic is in the HTTPS protocol and needs to be decrypted.
If you have found a solution, please like and accept it to make it easily accessible to others.
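The reply above names two prerequisites: an IPS sensor on the policy and deep inspection for HTTPS. The following is an added example, not part of the thread and not Fortinet code, that checks a firewall policy section of a configuration backup for both. The sample config is constructed, `audit_policies` is a hypothetical helper, and treating only the profile named `deep-inspection` as deep inspection is an assumption to adjust for custom profiles.

```python
import re

# Constructed sample in FortiOS "config firewall policy" backup syntax.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set ips-sensor "all_default"
    next
    edit 2
        set name "guest-to-wan"
        set action accept
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set ips-sensor "all_default"
    next
    edit 3
        set name "iot-to-wan"
        set action accept
    next
end
'''

def audit_policies(config_text, deep_profiles=("deep-inspection",)):
    """Return {policy_id: [findings]} for accept policies missing IPS or deep inspection."""
    findings = {}
    section = re.search(r"config firewall policy\n(.*?)\nend", config_text, re.S)
    if not section:
        return findings
    for pid, body in re.findall(r"^\s*edit (\d+)\n(.*?)^\s*next", section.group(1), re.S | re.M):
        settings = dict(re.findall(r'^\s*set (\S+) "?([^"\n]*)"?\s*$', body, re.M))
        if settings.get("action") != "accept":
            continue
        issues = []
        if not settings.get("ips-sensor"):
            issues.append("no IPS sensor applied")
        # Assumption: only profile names listed in deep_profiles decrypt HTTPS.
        if settings.get("ssl-ssh-profile") not in deep_profiles:
            issues.append("SSL profile is not deep inspection")
        if issues:
            findings[int(pid)] = issues
    return findings

if __name__ == "__main__":
    for pid, issues in audit_policies(SAMPLE_CONFIG).items():
        print(f"policy {pid}: {'; '.join(issues)}")
```

Policies the check reports as clean are the ones where IPS log entries under Log & Report -> Security Events -> IPS can serve as the artifact; on flagged policies HTTPS traffic is not decrypted or not inspected at all.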