Hello Friends,
I have a DNS filter profile applied on the internet-accessing security roles.
I need, if possible, to configure something like a dynamic object group that contains all hosts that are trying to connect to any malicious domain.
Is this applicable in FortiOS? And how, please?
FortiOS ver. 7.x
TIA,
Hello Ramadan
I think you can do it with an automation stitch, using the trigger "Compromised Host Quarantine"; then, as the action, you may write a script to add the address to the group.
Hope it helps.
Edit: Forgot to mention, for that you also need FortiAnalyzer
That's a feature that requires advanced Network monitoring tools (SIEM).
Something similar can be done (to some extent) when a FortiAnalyzer is configured to collect logs.
You can either set up playbooks in FAZ, or set up automation stitch to trigger events based on the logs appended by FAZ:
Thank you, gentlemen. I think I will pass since I don't have a SIEM or FortiAnalyzer, at least for the time being.
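As an added example (not written by any poster in this thread, and not Fortinet code): the log-driven approach discussed above, reduced to a Python script that reads DNS filter log lines forwarded to a plain syslog server and lists the source hosts whose queries were blocked. The field names (`type`, `subtype`, `srcip`, `qname`, `action`) and the action values `block`/`redirect` are assumptions about the log format, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in key=value log style (not real traffic).
SAMPLE_LOGS = """\
date=2024-05-01 time=10:00:01 type="utm" subtype="dns" srcip=10.1.100.18 qname="bad.example" action="block"
date=2024-05-01 time=10:00:05 type="utm" subtype="dns" srcip=10.1.100.18 qname="c2.example" action="redirect"
date=2024-05-01 time=10:00:09 type="utm" subtype="dns" srcip=10.1.100.25 qname="www.example.org" action="pass"
date=2024-05-01 time=10:01:12 type="traffic" subtype="forward" srcip=10.1.100.40 action="accept"
date=2024-05-01 time=10:02:30 type="utm" subtype="dns" srcip=10.1.100.31 qname="bad.example" action="block"
date=2024-05-01 time=10:02:31 type="utm" subtype="dns" srcip=not-an-ip qname="bad.example" action="block"
"""

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumed action values meaning the DNS filter stopped the query.
BLOCK_ACTIONS = {"block", "redirect"}


def parse_line(line):
    """Turn one log line into a dict of its fields."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def flagged_hosts(log_text, min_domains=1):
    """Map each source IP to the sorted list of distinct domains it was blocked on.

    Hosts with fewer than min_domains distinct blocked domains are left out,
    which reduces noise from a single mistyped or stale lookup.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("type") != "utm" or fields.get("subtype") != "dns":
            continue  # not a DNS filter event
        if fields.get("action") not in BLOCK_ACTIONS:
            continue  # query was allowed
        try:
            ip = ipaddress.ip_address(fields.get("srcip", ""))
        except ValueError:
            continue  # malformed source address: never pass it on to a group
        hits[ip].add(fields.get("qname", ""))
    ordered = sorted(hits, key=lambda ip: (ip.version, int(ip)))
    return {str(ip): sorted(hits[ip]) for ip in ordered if len(hits[ip]) >= min_domains}


if __name__ == "__main__":
    for host, domains in flagged_hosts(SAMPLE_LOGS).items():
        print(host, ",".join(domains))
```

The resulting host list is what an address group would be populated from; validating `srcip` before use matters because log fields are untrusted input to whatever updates the firewall.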
Copyright 2024 Fortinet, Inc. All Rights Reserved.