Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ajones
New Contributor

FG-VD-08-023-Apple false positives

Hello!  Is it possible to review disabling this alert?  In every event that has happened, the customer states that the devices are not even Apple products and you have never updated what the vulnerability actually was https://www.fortiguard.com/encyclopedia/ips/15799  | Any help on this would be appreciated.  Thank you, Mandy

6 REPLIES 6
Anthony_E
Community Manager
Community Manager

Hello Mandy,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Mandy,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
ajones

Hi Anthony!  Thanks for still checking in on this.  I've been following along still waiting, as this still seems to be an issue.  

Anthony_E
Community Manager
Community Manager

Hello ajones,

 

I do not have answer from my side, I will push.

 

Regards,

Anthony-Fortinet Community Team.
Stephen_G
Moderator
Moderator

Hello Mandy,

 

I apologize for the delay in getting an answer for you. There's a solution that may work depending on what the source of the alert is. If the notification is coming from a log message, you may be able to filter out log entries featuring that notification.

 

Can you provide a screenshot of the alert, please? It may be possible to figure out the source.

 

Kind regards,

Stephen

Stephen - Fortinet Community Team
ajones

Hi Stephen!  I apologize for the incredibly long delay, I didn't see this response before I went on leave.  Hope this helps!  

 

"fortinet": {
"event": {
"severity": 6
},
"firewall": {
"action": "dropped",
"attack": "FG-VD-08-023-Apple",
"attackid": "15799",
"craction": "16384",
"crlevel": "medium",
"crscore": "10",
"dstcountry": "Reserved",
"dstintfrole": "dmz",
"eventtype": "signature",
"incidentserialno": "202071479",
"sessionid": "76715777",
"severity": "medium",
"srccountry": "Reserved",
"srcintfrole": "dmz",
"subtype": "ips",
"type": "utm",
"vd": "root"

Labels
Top Kudoed Authors