Device doing brute force SSH attacks. Format the device or do a deeper dive into the root cause?
I found out our IP was banned and after looking at the logs in FortiGate I saw a Raspberry Pi doing SSH attacks per below. I unplugged it from the network as I could not even log into it. Seems the virus was clever enough to change the password. Any point to doing a deeper dive into how this happened or finding out what IP the virus was trying to communicate with? If not, I will reinstall the OS on that device and start from scratch.
The question you are asking isn't really a Fortinet-specific question. It's a general cybersecurity question and no one here can really answer it for you. It depends on you and your environment and whether you need to know those details or not and what kind of risk appetite you have for something like that (or worse) happening again.
For example, if you just wipe the device and re-install, whatever attack vector existed before likely still exists.
Up to you really how you want to approach this, though.