I have just deployed FortiSIEM and I am now working through the process
of tuning it. I have a rule that is being triggered (Executable file
posting from an external source) to our reverse proxy server. The
commands are known commands of .aspx pages an...
I was wondering if anyone has any suggestions or ideas for adding bad
actor IP addresses to an address group? I receive a list almost every
month in an xls format and would like to just have a time-saving way of
getting them in the group.
I was wondering if someone could enlighten me on the compromised hosts
module in Fortigate. I see several hosts in the list, however, there are
no details that I can see as to why it has been deemed as
such. Am I just overlooking somethi...
First of all let me say that I am not a reverse proxy expert but I am
trying to secure our network. Right now I use the VIP option for server
sitting in the DMZ. However, if possible I would like to move to a
reverse proxy option and get rid of all v...
Yes I knew that they had that product however, from what I understand
the Fortigate itself is supposed to do reverse proxying as well. I was
just trying to find someone that may have used it for that purpose
before and how they did it. I really don't ...
No it wasn't. I thought I had turned off globally when I turned it off
earlier. So, I have now turned it off in those options and we will see
if the notifications stop. Thanks again for your help everyone.
These are the AV options from the CLI FG300B3909601246 (**********) #
get name : ************* comment : replacemsg-group : inspection-mode :
flow-based scan-botnet-connections: block ftgd-analytics : disable http:
options : scan quarantine archive-b...
The notification is being sent by the FG. The only event setup in the
FAZ is a high memory event. The notifications look like this when they
come to me in an email. "Message meets Alert condition File Block
Detected: iR3245_Series_HTML PC_02262014.e...