Automation is triggered.

2021/04/05 13:03:07

Is this thing just trying to scare me?

FGT[FG200] Automation is time=14:21:27 logid="0100022953" type="event" subtype="system" level="warning" vd="root" eventtime=1617646887419280502 tz="-0400" logdesc="Compromised host detected" devid="FG200E4Q17912606" vd="root" msg="IOC detected by FortiAnalyzer" srcip=""


When I look them up on analyzer most are "newly registered domain visited" but some are:

" Traffic to C&, Traffic path: PolicyID 71\\wan1\\"


I understand what that is saying but there are several right now on our network so I also find it hard to imagine that we've really got up to ten hosts infected and talking to a C&C - Hell, we run a pretty tight ship on AV, HIPS, Secureworks, etc.
