Hey all,
I have syslog configured and receiving all my data beautifully in GrayLog.
What I'm not getting, is any indicator that an IP has been added to Quarantine / Banned IP.
FortiOS 5.6.5
I.E. I received an IPS trigger today from 117.1.189.196, and all I see is the IPS event. The IP is now in banned IP tab, but I want to set up a notification/report of these IPS whenever they are quarantined. Is there a specific facility, or am I missing something?
Thanks.
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.