Hi,
After reviewing the Fortinet IPS report for the first time I see multiple counts for both internal IP and external URL (www.) under the sub heading of "Intrusion Victims" .
Unlike all the other sub headings such as "Intrusions blocked" and "Intrusions Monitored" from the IPS report which a clear to me the "Intrusion Victims" has me confused. What does it actually mean ? Is it a measure of successful intrusion on the given IP or URL ? or something else all together.
Could someone please assist me in better understanding the true meaning and what cross check is required within what set of logs to determine if its a false positive or not ?
Thanks Rick.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Rick,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Rick,
We are still looking for someone to help you.
We will come back to you ASAP.
Hello Rick,
I have found this Reddit discussion which can be helpful:
https://www.reddit.com/r/fortinet/comments/xzwpt8/does_intrusion_victim_in_a_fortianalyzer_report/
Could you please indicate to me if it helped?
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.