rick777
New Contributor

What does "Intrusion Victim" in the FortiAnalyzer IPS report mean?

Hi,

After reviewing the Fortinet IPS report for the first time I see multiple counts for both internal IP and external URL (www.) under the subheading of "Intrusion Victims".

Unlike all the other subheadings such as "Intrusions blocked" and "Intrusions Monitored" from the IPS report, which are clear to me, the "Intrusion Victims" has me confused. What does it actually mean? Is it a measure of successful intrusion on the given IP or URL, or something else altogether?

Could someone please assist me in better understanding the true meaning and what cross check is required within what set of logs to determine if it's a false positive or not?

Thanks, Rick.

3 REPLIES
Anthony_E
Community Manager

Hello Rick,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Rick,

 

We are still looking for someone to help you.

We will come back to you ASAP.

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Rick,

 

I have found this Reddit discussion which can be helpful:

https://www.reddit.com/r/fortinet/comments/xzwpt8/does_intrusion_victim_in_a_fortianalyzer_report/

Could you please indicate to me if it helped?

 

Regards,

Anthony-Fortinet Community Team.