sean3
New Contributor III

what is compromised host by verdict

Hi all,

I happened to find there are compromised hosts under the Security tab of the dashboard. Why are they here? Are they attacked?

And the hosts are dynamically displayed. 2 days ago, it displayed 2 hosts; now it displays only 1 host. What are the criteria for this?

How can I remove them from here (to really solve the problem)?

Thanks!

mpapisetty
Staff

Hi @sean3 ,

This is a list of hosts that are analyzed to be compromised by the security fabric. 

 

More information can be found here - https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/110327/viewing-session-infor...

You could look at all the sessions and the security actions taken based on the inspection to understand what traffic was blocked. 

 

There are also configurable threat weights - https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/250999/log-settings-and-targ... - and these are used to calculate an overall threat score that is then used to mark an endpoint as compromised. 

-Manoj Papisetty
sean3
New Contributor III

Thanks mpapisetty for the advice.

So, it does not require taking any specific action, right?

mpapisetty

It depends on the 13 sessions that got blocked. What sort of sessions are these? If they look expected (for example, someone was testing a virus download to test firewall efficacy, etc.), you can ignore the alert. If not, you will have to look at the host to see if something is indeed compromised and take corrective action.

-Manoj Papisetty