Hi
I have created an event handler on FAZ to identify which IP is trying to download the virus and then created a stich on FGT to ban ip of that user, but it does not work when i try to downloaf eicar test virus. The screenshot is my FAZ configuration. Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @rezafathi ,
When you download the eicar test file, is the log created on FortiAnalyzer or not?
If you say yes, is this log id the same as "0211008192" or not?
Also, can you share the automation stitch configuration with us?
Hi
Yes logs is created. And logid is same.
Hello @rezafathi ,
Do you see any count on the Event Handler Events column?
Yes
Hello @rezafathi ,
Do you see the trigger count on your FortiGate?
Also, can you check the ban status with this command?
diagnose user banned-ip list
Yes i see trigger count. And I checked the command but no ip ban.
Hi @rezafathi ,
That interesting. I tried same scnerio on my lab environment, everything works well.
Maybe someone faced with this issue. Also, if you have a active license you can create a case to fortinet support. Support engineer will inspect problem deeply.
Hi
I do not see any trigger count on fortigate. Should i enable central management on fortigate? Because it is disabled.
Hi @rezafathi ,
Ne needs central management configuration. Maybe reconfiguring eventhandler and automation can solve the problem.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.