Automation Stitch:auto.compromised.host is triggered.

Author
fcb
2021/04/05 13:03:07

Is this thing just trying to scare me?

FGT[FG200] Automation Stitch:auto.compromised.host is triggered.
date=2021-04-05 time=14:21:27 logid="0100022953" type="event" subtype="system" level="warning" vd="root" eventtime=1617646887419280502 tz="-0400" logdesc="Compromised host detected" devid="FG200E4Q17912606" vd="root" msg="IOC detected by FortiAnalyzer" srcip="10.111.12.10"

When I look them up on analyzer most are "newly registered domain visited" but some are:

" Traffic to C&C:sync.console.adtarget.com.tr, Traffic path: PolicyID 71\\wan1\\209.205.217.82:443"

I understand what that is saying but there are several right now on our network so I also find it hard to imagine that we've really got up to ten hosts infected and talking to a C&C - Hell, we run a pretty tight ship on AV, HIPS, Secureworks, etc.
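
For triaging a batch of these notifications, the following is an added example (not part of the original post and not Fortinet code) that parses the key=value line shown above and counts compromised-host events per srcip. The sample lines, the second source address, the devid placeholder and the function names are constructed for illustration.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_event(text):
    """Parse one stitch notification into a dict, skipping the subject text
    that precedes the first date= field. Returns None if no fields exist.
    Repeated keys (vd appears twice in the posted line) keep the first value."""
    start = text.find("date=")
    if start < 0:
        return None
    fields = {}
    for key, raw in PAIR.findall(text[start:]):
        quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        fields.setdefault(key, raw[1:-1] if quoted else raw)
    return fields

def hosts_by_alert_count(lines):
    """Return (srcip, count) pairs for compromised-host events, busiest first."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev.get("logdesc") == "Compromised host detected" and "srcip" in ev:
            counts[ev["srcip"]] += 1
    return counts.most_common()

def _line(time, srcip, logdesc="Compromised host detected"):
    # Constructed sample modelled on the line in the post (devid is a placeholder).
    return ('FGT[FG200] Automation Stitch:auto.compromised.host is triggered.'
            f'date=2021-04-05 time={time} logid="0100022953" type="event" '
            f'subtype="system" level="warning" vd="root" tz="-0400" '
            f'logdesc="{logdesc}" devid="DEVID-PLACEHOLDER" vd="root" '
            f'msg="IOC detected by FortiAnalyzer" srcip="{srcip}"')

SAMPLE = [
    _line("14:21:27", "10.111.12.10"),
    _line("14:25:02", "10.111.12.23"),
    _line("14:31:40", "10.111.12.10"),
    _line("14:33:11", "10.111.12.40", logdesc="Constructed unrelated event"),
    "mail text with no log fields",
]

if __name__ == "__main__":
    for ip, n in hosts_by_alert_count(SAMPLE):
        print(f"{ip}\t{n}")
```

The notification line carries only the source address and the generic message, so the per-host count just orders which hosts to look up in FortiAnalyzer first; the detection reason still has to be read there.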