Hi,
I have in FortiAnalyzer multiple critical events with event status "Unhandled"; these are mainly connections to C&C hosts, most of them ending with com.tr.
So I have created a DNS security profile with the option "Redirect botnet C&C requests to Block Portal" enabled, and here I have information that the database includes 80000 domains in the botnet package. Moreover, I have created DNS static filters here to block *.com.tr and others like:
I have applied this DNS security profile from LAN computers to my Active Directory server (DNS), and then from the Active Directory server to the outside DNS forwarder (Google DNS).
So my question is: why are these connections not blocked ("Mitigated") in FortiAnalyzer?
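For reference, the setup described in the question expressed as FortiOS CLI. This is an added illustration, not configuration from the original post or from Fortinet's documentation: the filter table ID, profile name, address objects, interface names, the 8.8.8.8 forwarder address and the policy ID are assumptions, and the block portal is left at its default. The DNS filter only acts on DNS (port 53) traffic that traverses a firewall policy carrying the profile, so both legs (LAN to AD server, and AD server to the external forwarder) need a policy like the last one below with the profile attached.

```text
# Static domain list: wildcard entry blocking every *.com.tr lookup (assumed table ID 1)
config dnsfilter domain-filter
    edit 1
        set name "static-cc-domains"
        config entries
            edit 1
                set domain "*.com.tr"
                set type wildcard
                set action block
                set status enable
            next
        end
    next
end

# DNS filter profile: static list plus the FortiGuard botnet C&C database,
# with blocked queries redirected to the block portal and all domains logged
config dnsfilter profile
    edit "dns-cc-block"
        set comment "Block botnet C&C and static *.com.tr list"
        config domain-filter
            set domain-filter-table 1
        end
        set block-botnet enable
        set block-action redirect
        set log-all-domain enable
    next
end

# Address objects (assumed addresses: AD/DNS server 10.0.0.10, forwarder 8.8.8.8)
config firewall address
    edit "AD-DNS-server"
        set type ipmask
        set subnet 10.0.0.10 255.255.255.255
    next
    edit "Google-DNS"
        set type ipmask
        set subnet 8.8.8.8 255.255.255.255
    next
end

# Outer leg: AD server forwarding to the external resolver, with the profile applied.
# A matching policy from the LAN subnet to "AD-DNS-server" covers the inner leg.
config firewall policy
    edit 10
        set name "AD-DNS-to-Google"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "AD-DNS-server"
        set dstaddr "Google-DNS"
        set action accept
        set schedule "always"
        set service "DNS"
        set utm-status enable
        set dnsfilter-profile "dns-cc-block"
        set logtraffic all
    next
end
```

A quick check that the profile is actually in the path: on the FortiGate, run `diagnose sys session filter dport 53` followed by `diagnose sys session list` while the AD server resolves a *.com.tr name, and confirm the session is matched by the policy carrying the DNS filter profile. Queries that leave the AD server over another path, or over DNS-over-HTTPS/TLS instead of port 53, are never seen by this profile.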
Hello @Tutek,
Botnet and IoC events are generally considered Unhandled in the Event Logs. Please refer to the documentation below to understand the event statuses:
For any further clarifications on this and on traffic handled by FortiAnalyzer, you may open a support ticket with our FAZ team, and they will be glad to address them accordingly.
Copyright 2024 Fortinet, Inc. All Rights Reserved.