What does "Intrusion Victim" in the Fortianalyzer IPS report Mean ?

rick777 · ‎03-15-2023

Hi,

After reviewing the Fortinet IPS report for the first time I see multiple counts for both internal IP and external URL (www.) under the sub heading of "Intrusion Victims" .

Unlike all the other sub headings such as "Intrusions blocked" and "Intrusions Monitored" from the IPS report which a clear to me the "Intrusion Victims" has me confused. What does it actually mean ? Is it a measure of successful intrusion on the given IP or URL ? or something else all together.

Could someone please assist me in better understanding the true meaning and what cross check is required within what set of logs to determine if its a false positive or not ?

Thanks Rick.

Anthony_E · ‎03-19-2023

Hello Rick,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎03-20-2023

Hello Rick,

We are still looking for someone to help you.

We will come back to you ASAP.

Anthony-Fortinet Community Team.

Anthony_E · ‎03-20-2023

Hello Rick,

I have found this Reddit discussion which can be helpful:

https://www.reddit.com/r/fortinet/comments/xzwpt8/does_intrusion_victim_in_a_fortianalyzer_report/

Could you please indicate to me if it helped?

Regards,

Anthony-Fortinet Community Team.

What does "Intrusion Victim" in the Fortianalyzer IPS report Mean ?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website