Traffic summary and security events Security event summaries
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925 115
Viewing Intrusion activity
The Intrusion Activity page correlates all intrusion logs stored on the FortiAnalyzer
unit and produces a report of the overall intrusion activity on the network. The
FortiAnalyzer unit reviews the intrusion logs at a scheduled interval, providing you
with easy access to the intrusion activity on your network. For details on
configuring the intrusion activity correlation, see “Adding a security event report”
on page 113.
To view intrusion activity, go to Network Summary > Intrusion Activities.
Figure 52: Viewing Intrusion activity
Virus activity within
the last
Select the time frame to view the virus activity.
View Select a device or group of devices.
Firewall The name of the firewall.
Host (Source) The source IP address of the firewall.
Virus The name of the virus.
Last Activity The date and time of the last incident of the virus.
Count The number of incidents made by the virus on the network.
Action Select Details to display additional information for the entry. The
details window displays further details of the virus incidents
including time and date, target and protocol attempt.
Select Acknowledge to reset the attack count to zero for the virus.
This enables you to verify if the firewall has new virus incidents, as
well as watch the number of incidents occurring.
Intrusion activity
within the last
Select the time frame to view the virus activity.
View Select a device or group of devices.
Firewall The name of the firewall.
Host (Source) The source IP address of the firewall.
Attack Name The name of the intrusion event The attack name is a link to the
FortiGuard Center. Selecting the link opens the FortiGuard web
site and displays information on the attack from the FortiGuard
database.
Last Activity The date and time of the last intrusion incident.
Details
Acknowledge
To Next Page
Loading...