Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Rabarbar1
New Contributor

Created on ‎11-06-2023 12:29 AM

How can i find hosts connected to Monero crypto site

Hi.

Fortigate reports in its weekly reports that the monero.cryptocurrency.miner application has had a certain number of sessions open in the past (e.g. 1,790 sessions this week). I would like to trace where this traffic is coming from. How can I do this? In section "Log&report" a cannot find anything.

Clipboard01.jpg

Labels:
413
0 Kudos
2 REPLIES 2
abarushka
Staff
Staff

Created on ‎11-06-2023 01:22 AM

Hello,

 

You may consider to navigate GUI: "Log&Report" -> "Forward Traffic" and use "Application" as filter.

 

application.JPG

FortiGate
397
hbac
Staff
Staff

Created on ‎11-06-2023 01:23 PM

Hi @Rabarbar1,

 

You can check the Forward traffic logs during the same date and time to find the source IP of those connections. 

 

Regards, 

376
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.