
FortiGate Daily Security Report

Report Date: 2020-06-21

Data Range: Jun 20, 2020 (FW_SM01)

Fortinet Inc. All Rights Reserved. Created on Jun 21, 2020 00:01


Table of Contents

Bandwidth and Applications
    Bandwidth
    Number of Sessions
    Traffic Statistics
    Top Applications by Bandwidth
    Top Application Categories by Bandwidth
    Top Users by Bandwidth
    Number of Active Users
    Top Destinations by Bandwidth

Web Usage
    Top Allowed Websites
    Top Websites by Bandwidth
    Top Blocked Websites
    Top Users by Blocked Requests
    Top Users by Requests
    Top Users by Bandwidth
    Top Video Streaming Web Sites by Bandwidth

Emails
    Top Senders by Number of Emails
    Top Senders by Combined Email Size
    Top Recipients by Number of Emails
    Top Recipients by Combined Email Size

Threats
    Malware Detected
    Malware Victims
    Malware Sources
    Malware History
    Botnet Detected
    Botnet Victims
    Botnet C&C
    Botnet History
    Intrusions Detected
    Intrusion Victims
    Intrusion Sources
    Intrusions Blocked
    Intrusions By Severity
    Intrusion History

VPN Usage
    Site-to-Site IPSec Tunnels by Bandwidth
    Client-to-Site IPSec Tunnels by Bandwidth
    SSL-VPN Tunnel Users by Bandwidth
    SSL-VPN Web Mode Users by Bandwidth

Admin Login and System Events
    Admin Login Summary
    List of Failed Logins
    System Events

FortiGate Daily Security Report - Host Name: FW_SM01


Bandwidth and Applications

Bandwidth
[Chart: Bandwidth (bit/s) per hour, 00:00 to 23:00; series: Traffic Out, Traffic In]

Number of Sessions
[Chart: Sessions per hour, 00:00 to 23:00]

Traffic Statistics
Summary Stats
Total Sessions 80.1 K
Total Bytes In: 1.9 GB Out: 258.5 MB
Average Sessions Per Hour 3.3 K
Average Bytes Per Hour In: 80.3 MB Out: 10.8 MB
Most Active Hour By Sessions 2020-06-20 12:00
Total Users 74
Total Applications 73
Total Destinations 376

Top Applications by Bandwidth


Application Traffic Out Traffic In Sessions
MS.Windows.Update 1.0 GB 5.8 K
Microsoft.Office.Update 325.5 MB 189
HTTPS.BROWSER 159.6 MB 6.3 K
Apple.Maps 125.5 MB 781
Google.Ads 72.5 MB 155
Microsoft.SharePoint 70.5 MB 88
HTTP.BROWSER 67.3 MB 28.7 K
AnyDesk 63.8 MB 0
Google.Services 62.3 MB 3.9 K
SSL 47.5 MB 11.4 K

Top Application Categories by Bandwidth


Application Category Traffic Out Traffic In Sessions
Update 1.4 GB 6.9 K
General.Interest 271.6 MB 5.5 K
Web.Client 226.8 MB 35.0 K
Collaboration 159.5 MB 5.7 K
Remote.Access 64.0 MB 1.5 K
Network.Service 57.8 MB 23.9 K
Business 14.7 MB 630
Storage.Backup 5.0 MB 340
Cloud.IT 1.4 MB 307
Video/Audio 657.7 KB 49



Top Users by Bandwidth
User Host Traffic Out Traffic In Sessions
10.80.70.32 10.80.70.32 842.2 MB 3.6 K
10.80.70.28 10.80.70.28 213.2 MB 2.1 K
10.80.70.52 10.80.70.52 149.0 MB 1.4 K
10.80.70.65 10.80.70.65 128.8 MB 1.5 K
192.168.71.150 192.168.71.150 124.3 MB 702
192.168.71.11 192.168.71.11 109.6 MB 5.1 K
10.80.70.87 10.80.70.87 96.2 MB 2.2 K
192.168.71.13 192.168.71.13 93.4 MB 31.9 K
10.80.70.77 10.80.70.77 92.5 MB 1.0 K
10.80.70.101 10.80.70.101 90.3 MB 1.2 K

Number of Active Users
[Chart: Active Users per hour, 00:00 to 23:00]

Top Destinations by Bandwidth
Hostname (or IP) Traffic Out Traffic In Sessions
2.tlu.dl.delivery.mp.microsoft. 637.4 MB 650
11.tlu.dl.delivery.mp.microsoft 304.2 MB 128
officecdn.microsoft.com.edgesui 255.4 MB 88
apple.com 137.1 MB 974
microsoft.com 125.0 MB 4.3 K
veritas.com 105.7 MB 1.4 K
eset.com 98.6 MB 30.7 K
sharepoint.com 70.5 MB 86
2mdn.net 66.8 MB 17
anynet relay 63.8 MB 0



Web Usage
Top Allowed Websites
Website Requests
No matching log data for this report

Top Websites by Bandwidth


Website Traffic Out Traffic In
No matching log data for this report

Top Blocked Websites


Website Requests
No matching log data for this report

Top Users by Blocked Requests


User(or IP) Hostname(MAC) Requests
No matching log data for this report

Top Users by Requests


User(or IP) Hostname(MAC) Requests
No matching log data for this report

Top Users by Bandwidth


User(or IP) Hostname(Mac) Traffic Out Traffic In
No matching log data for this report

Top Video Streaming Web Sites by Bandwidth



Emails
Top Senders by Number of Emails
Sender Number of Emails
No matching log data for this report

Top Senders by Combined Email Size


Sender Bandwidth
No matching log data for this report

Top Recipients by Number of Emails


Recipient Number of Emails
No matching log data for this report

Top Recipients by Combined Email Size


Recipient Bandwidth
No matching log data for this report



Threats
Malware Detected
# Malware Name Malware Type Occurrence
No matching log data for this report

Malware Victims
# Victim Occurrence
No matching log data for this report

Malware Sources
# Malware Source Host Name Counts
No matching log data for this report

Malware History
[Chart: # of Viruses per hour, 00:00 to 23:00]

Botnet Detected

# Botnet Name Counts


No matching log data for this report

Botnet Victims
# Victim Name Counts
No matching log data for this report



Botnet C&C
# C & C IP Host Name Counts
No matching log data for this report

Botnet History
[Chart: # of Botnet per hour, 00:00 to 23:00]

Intrusions Detected
# Intrusion Name Counts
1 Backdoor.DoublePulsar 272
2 MS.SMB.Server.Trans.Peeking.Data.Information.Disclosur 16
3 MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.E 8
4 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution 5
5 TCP.Split.Handshake 5
6 ThinkPHP.Controller.Parameter.Remote.Code.Execution 5
7 HTTP.Unix.Shell.IFS.Remote.Code.Execution 2
8 Netcore.Netis.Devices.Hardcoded.Password.Security.Bypa 2
9 Netlink.GPON.Router.formPing.Remote.Command.Injectio 2
10 D-Link.Devices.HNAP.SOAPAction-Header.Command.Exe 1
11 JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execut 1
12 NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code. 1

Intrusion Victims
# Intrusion Victim Counts
1 186.116.7.62 305
2 186.116.7.58 7
3 191.75.176.165 4
4 186.116.7.61 3
5 190.67.249.2 1



Intrusion Sources
# Intrusion Source Counts
1 186.116.85.94 179
2 186.116.3.110 70
3 195.54.160.135 10
4 10.80.70.28 4
5 110.137.176.241 4
6 128.70.185.4 4
7 188.9.32.31 4
8 113.162.84.65 2
9 14.237.68.224 2
10 157.50.131.212 2
11 177.73.98.19 2
12 203.189.253.123 2
13 218.87.254.142 2
14 223.223.146.216 2
15 27.72.80.239 2
16 27.79.16.24 2
17 36.81.4.142 2
18 59.173.13.186 2
19 94.102.51.225 2
20 94.241.128.120 2
21 1.203.161.58 1
22 10.80.70.157 1
23 108.26.234.213 1
24 111.68.103.248 1
25 131.108.4.154 1
26 149.129.221.92 1
27 165.169.235.9 1
28 178.205.174.172 1
29 184.82.31.84 1
30 185.169.19.113 1
31 186.190.224.130 1
32 200.113.231.102 1
33 36.72.80.31 1
34 45.114.85.202 1
35 50.198.14.142 1
36 86.98.67.212 1
37 86.98.74.64 1
38 91.234.62.22 1
39 91.235.101.91 1



Intrusions Blocked
# Intrusion Name Counts
1 Backdoor.DoublePulsar 272
2 MS.SMB.Server.Trans.Peeking.Data.Information.Disclosur 16
3 MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.E 8
4 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution 5
5 ThinkPHP.Controller.Parameter.Remote.Code.Execution 5
6 HTTP.Unix.Shell.IFS.Remote.Code.Execution 2
7 Netcore.Netis.Devices.Hardcoded.Password.Security.Bypa 2
8 Netlink.GPON.Router.formPing.Remote.Command.Injectio 2
9 D-Link.Devices.HNAP.SOAPAction-Header.Command.Exe 1
10 JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execut 1

Intrusions By Severity

% Severity Occurrence
91.9% critical 294
6.6% medium 21
1.6% high 5

Intrusion History
[Chart: # of Intrusions per hour, 00:00 to 23:00]



VPN Usage
Site-to-Site IPSec Tunnels by Bandwidth
# Tunnel Duration Traffic Out Traffic In
No matching log data for this report

Client-to-Site IPSec Tunnels by Bandwidth


# User Tunnel Duration Traffic Out Traffic In
No matching log data for this report

SSL-VPN Tunnel Users by Bandwidth


# User IP Traffic Out Traffic In
1 abeltran 186.85.130.72 80.2 MB
2 proveedores 181.142.167.6 49.6 MB
3 jgarzon 186.84.90.27 41.9 MB
4 lsoto 190.157.71.215 39.8 MB
5 bordonez.colex 186.155.17.252 36.6 MB
6 proveedores 190.26.152.215 33.8 MB
7 levargas 186.86.32.177 25.0 MB
8 proveedores 186.83.86.201 24.8 MB
9 iarjona 181.52.21.232 18.1 MB
10 bordonez.colex 190.24.56.46 14.3 MB
11 nquiroga 167.0.156.102 10.7 MB
12 proveedores 190.157.162.252 3.3 MB
13 jgalindo 200.119.40.103 2.3 MB
14 proveedores 186.83.47.113 2.1 MB
15 proveedores 186.84.91.76 2.0 MB
16 proveedores 201.244.114.25 1.5 MB

SSL-VPN Web Mode Users by Bandwidth


# User IP Traffic Out Traffic In
No matching log data for this report



Admin Login and System Events
Admin Login Summary
# User Name Login Interface Total # of Logins Total # of Configuration Changes Total Duration
No matching log data for this report

List of Failed Logins


# User Name Login Interface # of Failed Logins
No matching log data for this report

System Events
# Event Name (Description) Severity Counts
1 Disk log file deleted 4

