Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sean3
New Contributor III

Created on ‎07-08-2024 05:52 PM

what is compromised host by verdict

hi all,

I happened to find there are compromised host under Security tab of dashboard, why are they here? Are they attacked?

And the host are dynamically displayed. 2 days ago, it displays 2 host, now it displays only 1 host. What are the criteria for this?

How can I remove them from here (to really solve the problem).

Thanks!

Snipaste_2024-07-09_08-17-36.png

648
0 Kudos
3 REPLIES 3
mpapisetty
Staff
Staff

Created on ‎07-08-2024 10:11 PM

Hi @sean3 ,

This is a list of hosts that are analyzed to be compromised by the security fabric. 

 

More information can be found here - https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/110327/viewing-session-infor...

You could look at all the sessions and the security actions taken based on the inspection to understand what traffic was blocked. 

 

There are also configurable threat weights - https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/250999/log-settings-and-targ... - and these are used to calculate an overall threat score that is then used to mark an endpoint as compromised. 

-Manoj Papisetty
619
sean3
New Contributor III
In response to mpapisetty

Created on ‎07-09-2024 01:16 AM

thanks mpapisetty for the advice.

so, it does not require to take any specific action, right?

602
mpapisetty
Staff
Staff
In response to sean3

Created on ‎07-09-2024 03:50 PM

It depends on the 13 sessions that got blocked. What sort of sessions are these? If they look expected (for example, someone was testing a virus download to test firewall efficacy etc), you can ignore the alert. If not, you will have to look at the host to see if something is indeed compromised and take corrective action. 

-Manoj Papisetty
551
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.