Hello team,
This is a stack with 2 Fortigates 100F (A-P)
We found in "FortiView - Sources", a machine with "30" in the column "Threat score", all the others had 0
When I drill down, I found the following
This was: biserka.xyz (phishing).
I have tried to find any log with more information about this but without luck.
¿Do you know where can I find more information?
Thanks in advance.
Regards,
Damián
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Usually those logs attached to emails and you can find it under security events especially if you have email filter UTM profile attached to firewall policies.
You can also find them under threat logs: Go to Dashboard > Top Threats. The Top Threats monitor displays threats based on the scores in the traffic logs. Double-click a threat to view the summary.
It's also helpful to check IPS UTM security events and anomaly event logs especially if you have DoS policy configured.
Hope this helps.
Usually those logs attached to emails and you can find it under security events especially if you have email filter UTM profile attached to firewall policies.
You can also find them under threat logs: Go to Dashboard > Top Threats. The Top Threats monitor displays threats based on the scores in the traffic logs. Double-click a threat to view the summary.
It's also helpful to check IPS UTM security events and anomaly event logs especially if you have DoS policy configured.
Hope this helps.
Hello FortiArt!!!
Thanks for your response.
Email filter is not even set as visible, so, I have no logs about this.
Now, thanks to you, I could find a log.
In "Top Threats", I selected the threat and going to "View session logs", I could see all the log information.
Application Control
Application Name HTTPS
Protocol 6
Service HTTPS
Data
Received Bytes 0 B
Sent Bytes 256 B
Message URL belongs to a denied category in policy
Action
Action blocked
Security
Level warning
Threat Level High
Threat Score 30
Threat Type Phishing
Other
Log event original timestamp 1726673623854412800
Timezone -0300
Log ID 0316013056
Type utm
Sub Type webfilter
So, I think this was the webfilter, which block the attempt to access this website (Which is phishing)
Do you know if is this possible to send email alerts for this kind of event?
I have many other email alerts, but not for security events.
Regards,
Damián
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.