FortiAnalyzer Version 3.0 MR3 Administration Guide
116 05-30003-0082-20060925
Security event summaries Traffic summary and security events
Viewing Suspicious activity
The Suspicious Activity page displays network traffic that may be considered
suspicious or unusual.
The FortiAnalyzer unit reviews the Traffic and Session information of the selected
FortiGate units to determine the average traffic pattern. The top 30 IP addresses
with above-average traffic are considered under suspicion of being viral and are
included in the report. This can include a high number of sessions to a device,
or the sending of an unusually high quantity of email traffic. The report provides
you with easy access to the state of traffic usage on the network. For details on
configuring the suspicious activity correlation, see “Adding a security event report”
on page 113.
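The correlation described above, sketched as an added example. This is not FortiAnalyzer code, and the guide does not document the exact algorithm. The record layout, the metric names and the ranking by ratio to the network mean are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

TOP_N = 30  # the guide says the report covers the top 30 addresses
METRICS = ("sessions", "bytes", "emails")  # assumed metric names

# Constructed sample records: (source IP, sessions, bytes, emails sent)
SAMPLE = [
    ("10.0.0.11", 40, 2_000_000, 3),
    ("10.0.0.11", 10, 500_000, 0),
    ("10.0.0.12", 35, 1_500_000, 2),
    ("10.0.0.13", 50, 2_500_000, 5),
    ("10.0.0.14", 45, 1_800_000, 4),
    ("10.0.0.66", 30, 1_200_000, 186),   # mail burst
    ("10.0.0.77", 1600, 3_000_000, 0),   # session flood
]


def summarize(records):
    """Sum each metric per source address."""
    totals = defaultdict(lambda: dict.fromkeys(METRICS, 0))
    for src, *values in records:
        for metric, value in zip(METRICS, values):
            totals[src][metric] += value
    return dict(totals)


def suspicious(records, top_n=TOP_N):
    """Return up to top_n (src, worst_ratio, metrics_over_average) tuples."""
    totals = summarize(records)
    if not totals:
        return []
    avg = {m: sum(t[m] for t in totals.values()) / len(totals) for m in METRICS}
    flagged = []
    for src, t in totals.items():
        # Ratio of this host to the network mean; skip metrics with no traffic.
        over = {m: t[m] / avg[m] for m in METRICS if avg[m] > 0 and t[m] > avg[m]}
        if over:
            flagged.append((src, max(over.values()), sorted(over)))
    # Rank by how far above average the host is; address breaks ties.
    flagged.sort(key=lambda row: (-row[1], row[0]))
    return flagged[:top_n]


if __name__ == "__main__":
    for src, ratio, metrics in suspicious(SAMPLE):
        print(f"{src:<12} {ratio:5.2f}x average  ({', '.join(metrics)})")
```

In this sample the two hosts at 1.2 times the mean are flagged alongside the two real outliers, which is why the ranking and the top-N cut-off matter when triaging an "above average" list.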
To view intrusion activity, go to Network Summary > Suspicious Activities.
Figure 53: Viewing Suspicious activity
Count The number of intrusion incidents on the network.
Action Select Details to display any additional information for the entry.
The details window displays further details of the virus incidents
including time and date, target and protocol attempt.
Select Acknowledge to reset the attack count to zero for the
intrusion counter. This enables you to verify if the firewall has new
intrusion incidents as well as watch the number of incidents
occurring.
Note: The Suspicious activity reports do not display information on the “Suspicious” virus.
To view virus activity, see “Viewing virus activity” on page 114.
Intrusion activity within the last Select the time frame to view the virus activity.
View Select a device or group of devices.
Traffic Usage Enter the top number of firewall devices to include in the traffic
usage report. The FortiAnalyzer will report on up to 30 addresses.
Total traffic The total amount of data travelling through all firewalls listed.
Firewall The name of the firewall.
Host (Source) The source IP address of the firewall.
Usage (MB) The amount of data in megabytes travelling through the firewall.