Hello,
I'd like to know if it is possible to include the ISDB name in the FortiGate/FortiAnalyzer traffic logs. I've had access to this information with another vendor and am curious if it can be done with FortiNet.
This log enrichment would be extremely valuable in threat hunting efforts, where traffic can be immediately identified and associated with the source, as opposed seeing an IP that must be manually looked up.
For context, I've had a lot of success identifying compromised hosts and user accounts by simply searching for inbound traffic originating from VPN vendors and commonly-abused US-based cloud hosting providers like Digital Ocean, AWS, etc.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
A given IP can be in more than one, sometime numerous categories, some benign, some malicious
That makes sense and thank you for the reply. In that case I can see why it is probably not possible to do what I am looking for.
I think what I am really looking is if FortiNet had the ability to append the ASN (Name or Number) to routable IPs, and make that available in the logs. I am also working on this with my current SIEM vendor, Logrhythm but unfortunately they do not have similar log enrichment capability.
Hey nateweso,
FortiGate/Fortinet products can't attach ASN information to logs as far as I'm aware, my apologies.
They can however perform reverse lookups on destination IPs and add that information to the logs.
A short KB on the reverse lookup option: https://community.fortinet.com/t5/FortiGate/Technical-Note-Hostname-and-Destination-name-in-traffic-...
I'm not entirely sure if this is in the general direction what you might be looking for.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1560 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.