
FortiGate Daily Security Report

Report Date: 2017-09-01

Data Range: Aug 31, 2017 (FG240D4Q16801748)

Fortinet Inc. All Rights Reserved. Created on Sep 01, 2017 00:01


Table of Contents

Bandwidth and Applications...................................................................................................................................... 1


Bandwidth......................................................................................................................................................................... 1
Number of Sessions.......................................................................................................................................................... 1
Traffic Statistics................................................................................................................................................................. 2
Top Applications by Bandwidth......................................................................................................................................... 2
Top Application Categories by Bandwidth........................................................................................................................ 2
Top Users by Bandwidth................................................................................................................................................... 3
Number of Active Users.................................................................................................................................................... 3
Top Destinations by Bandwidth........................................................................................................................................ 3

Web Usage............................................................................................................................................................... 4
Top Allowed Websites...................................................................................................................................................... 4
Top Websites by Bandwidth............................................................................................................................................. 4
Top Blocked Websites...................................................................................................................................................... 4
Top Users by Blocked Requests....................................................................................................................................... 5
Top Users by Requests.................................................................................................................................................... 5
Top Users by Bandwidth................................................................................................................................................... 5
Top Video Streaming Web Sites by Bandwidth................................................................................................................ 6

Emails....................................................................................................................................................................... 7
Top Senders by Number of Emails................................................................................................................................... 7
Top Senders by Combined Email Size............................................................................................................................. 7
Top Recipients by Number of Emails................................................................................................................................ 7
Top Recipients by Combined Email Size.......................................................................................................................... 7

Threats...................................................................................................................................................................... 8
Malware Detected............................................................................................................................................................. 8
Malware Victims................................................................................................................................................................ 8
Malware Sources.............................................................................................................................................................. 8
Malware History................................................................................................................................................................ 8
Botnet Detected................................................................................................................................................................ 8
Botnet Victims................................................................................................................................................................... 8
Botnet C&C....................................................................................................................................................................... 9
Botnet History................................................................................................................................................................... 9
Intrusions Detected........................................................................................................................................................... 9
Intrusion Victims................................................................................................................................................................ 9
Intrusion Sources.............................................................................................................................................................. 9
Intrusions Blocked............................................................................................................................................................. 9
Intrusions By Severity....................................................................................................................................................... 10
Intrusion History................................................................................................................................................................ 10

FortiGate Daily Security Report - Host Name: FG240D4Q16801748


VPN Usage............................................................................................................................................................... 11
Site-to-Site IPSec Tunnels by Bandwidth......................................................................................................................... 11
Client-to-Site IPSec Tunnels by Bandwidth...................................................................................................................... 11
SSL-VPN Tunnel Users by Bandwidth.............................................................................................................................. 11
SSL-VPN Web Mode Users by Bandwidth....................................................................................................................... 11

Admin Login and System Events.............................................................................................................................. 12


Admin Login Summary...................................................................................................................................................... 12
List of Failed Logins.......................................................................................................................................................... 12
System Events.................................................................................................................................................................. 13

Bandwidth and Applications

Bandwidth
[Chart: bandwidth in bit/s per hour, 00:00 to 23:00, series Traffic In and Traffic Out; y-axis 0K to 2000K]

Number of Sessions
[Chart: number of sessions per hour, 00:00 to 23:00]

Page 1 of 13
Traffic Statistics
Summary Stats
Total Sessions 10.8 M
Total Bytes In: 2.8 GB Out: 195.7 MB
Average Sessions Per Hour 450.1 K
Average Bytes Per Hour In: 121.5 MB Out: 8.2 MB
Most Active Hour By Sessions 2017-08-31 15:00
Total Users 182
Total Applications 61
Total Destinations 17.3 K

Top Applications by Bandwidth


Application Traffic Out Traffic In Sessions
Google.Services 802.8 MB 18.4 K
HTTP.BROWSER 772.4 MB 19.5 K
MS.Windows.Update 616.2 MB 379
Microsoft.Office.Update 347.9 MB 21
HTTP.Segmented.Download 325.2 MB 762
Apt-Get 129.2 MB 41
HTTPS 59.0 MB 6.2 K
Ubuntu.Update 15.5 MB 11
WebDAV 12.1 MB 3.2 K
Avast.Update 6.5 MB 10

Top Application Categories by Bandwidth


Application Category Traffic Out Traffic In Sessions
Update 1.1 GB 625
General.Interest 811.3 MB 20.1 K
Web.Client 772.8 MB 19.7 K
Network.Service 337.5 MB 4.0 K
unknown 59.2 MB 6.3 K
Collaboration 7.1 MB 5.3 K
Botnet 1.8 MB 414
Storage.Backup 1.7 MB 337
Social.Media 1.5 MB 639
Video/Audio 584.0 KB 137

Top Users by Bandwidth
User Host Traffic Out Traffic In Sessions
192.168.1.96 192.168.1.96 864.3 MB 469
192.168.3.240 192.168.3.240 820.7 MB 446.7 K
192.168.1.194 192.168.1.194 354.9 MB 198.0 K
192.168.2.108 192.168.2.108 145.1 MB 55
192.168.1.126 192.168.1.126 100.9 MB 277
192.168.2.233 192.168.2.233 88.5 MB 746
192.168.3.198 192.168.3.198 65.3 MB 262
192.168.3.250 192.168.3.250 56.2 MB 209
192.168.1.177 192.168.1.177 41.6 MB 1.9 M
192.168.2.13 192.168.2.13 38.6 MB 1.6 K

Number of Active Users
[Chart: active users per hour, 00:00 to 23:00; y-axis 0 to 200]

Top Destinations by Bandwidth
Hostname (or IP) Traffic Out Traffic In Sessions
google.com 670.6 MB 16.0 K
windowsupdate.com 616.4 MB 431
gvt1.co 548.8 MB 197
edgesuite.net 347.1 MB 42
foxitsoftware.com 246.7 MB 4
debian.gtisc.gatech.edu 106.2 MB 44
googlevideo.com 77.6 MB 10
maps.googleapis.com 75.5 MB 1.6 K
gvt1.com 52.3 MB 593
debian.org 38.8 MB 11

Web Usage
Top Allowed Websites
Website Requests
maps.googleapis.com 7.0 K
windowsupdate.com 2.8 K
gvt1.com 2.2 K
microsoft.com 1.7 K
google.com 1.6 K
edgesuite.net 1.4 K
sunat.gob.pe 1.2 K
amazonaws.com 1.1 K
eagleeyes.tw 850
buscandope.com 840

Top Websites by Bandwidth


Website Traffic Out Traffic In
edgesuite.net 119.5 GB
windowsupdate.com 86.5 GB
gvt1.com 6.9 GB
debian.gtisc.gatech.edu 1.8 GB
microsoft.com 297.4 MB
maps.googleapis.com 289.2 MB
google.com 158.5 MB
claro.com.pe 138.3 MB
avast.com 90.4 MB
sunat.gob.pe 76.9 MB

Top Blocked Websites


Website Requests
google.com 9.9 K
52.71.185.125 1.8 K
54.172.131.220 1.3 K
stafftest.ru 727
hrtests.ru 646
profetest.ru 612
qptest.ru 612
testpsy.ru 612
iqtesti.ru 558
wpad 252

Top Users by Blocked Requests
User(or IP) Hostname(MAC) Requests
192.168.3.70 192.168.3.70 2.5 K
192.168.3.71 192.168.3.71 1.8 K
192.168.1.66 192.168.1.66 1.5 K
192.168.3.75 192.168.3.75 1.5 K
192.168.1.177 192.168.1.177 976
192.168.2.173 192.168.2.173 914
192.168.2.185 192.168.2.185 867
192.168.1.87 192.168.1.87 821
192.168.3.240 192.168.3.240 787
192.168.2.227 192.168.2.227 786

Top Users by Requests


User(or IP) Hostname(MAC) Requests
192.168.1.194 192.168.1.194 3.5 K
192.168.1.127 192.168.1.127 2.7 K
192.168.1.96 192.168.1.96 2.6 K
192.168.3.70 192.168.3.70 2.5 K
192.168.3.240 192.168.3.240 1.9 K
192.168.3.71 192.168.3.71 1.8 K
192.168.1.66 192.168.1.66 1.5 K
192.168.1.177 192.168.1.177 1.5 K
192.168.3.75 192.168.3.75 1.5 K
192.168.3.203 192.168.3.203 1.1 K
Average Usage of Top 10 2.1 K

Top Users by Bandwidth


User(or IP) Hostname(Mac) Traffic Out Traffic In
192.168.1.194 192.168.1.194 119.8 GB
192.168.1.96 192.168.1.96 87.0 GB
192.168.3.240 192.168.3.240 2.3 GB
192.168.1.126 192.168.1.126 2.0 GB
192.168.2.108 192.168.2.108 1.8 GB
192.168.3.198 192.168.3.198 1004.1 MB
192.168.3.250 192.168.3.250 980.9 MB
192.168.3.110 192.168.3.110 156.0 MB
192.168.1.177 192.168.1.177 116.8 MB
192.168.3.205 192.168.3.205 94.6 MB
Average Usage of Top 10 21.5 GB

Top Video Streaming Web Sites by Bandwidth

% Website Traffic Out Traffic In
78.4% spotxchange.com 18.4 KB
18.0% microsoft.com 4.2 KB
3.6% cmbestsrv.com 857 B

Emails
Top Senders by Number of Emails
Sender Number of Emails
No matching log data for this report

Top Senders by Combined Email Size


Sender Bandwidth
No matching log data for this report

Top Recipients by Number of Emails


Recipient Number of Emails
No matching log data for this report

Top Recipients by Combined Email Size


Recipient Bandwidth
No matching log data for this report

Threats
Malware Detected
# Malware Name Malware Type Occurrence
No matching log data for this report

Malware Victims
# Victim Occurrence
No matching log data for this report

Malware Sources
# Malware Source Host Name Counts
No matching log data for this report

Malware History
[Chart: # of Viruses per hour, 00:00 to 23:00; y-axis 0 to 10]

Botnet Detected
# Botnet Name Counts
No matching log data for this report

Botnet Victims
# Victim Name Counts
No matching log data for this report

Botnet C&C
# C & C IP Host Name Counts
No matching log data for this report

Botnet History
[Chart: # of Botnet per hour, 00:00 to 23:00; y-axis 0 to 10]

Intrusions Detected
# Intrusion Name Counts
No matching log data for this report

Intrusion Victims
# Intrusion Victim Counts
No matching log data for this report

Intrusion Sources
# Intrusion Source Counts
No matching log data for this report

Intrusions Blocked
# Intrusion Name Counts
No matching log data for this report

Intrusions By Severity
[Chart: intrusions by severity; no axis data recoverable]

Intrusion History
[Chart: # of Intrusions per hour, 00:00 to 23:00; y-axis 0 to 10]

VPN Usage
Site-to-Site IPSec Tunnels by Bandwidth
# Tunnel Duration Traffic Out Traffic In
No matching log data for this report

Client-to-Site IPSec Tunnels by Bandwidth


# User Tunnel Duration Traffic Out Traffic In
No matching log data for this report

SSL-VPN Tunnel Users by Bandwidth


# User IP Traffic Out Traffic In
1 juanjo 181.176.75.117 8.0 MB
2 supervisortct 181.233.197.24 859.2 KB
3 juanjo 190.117.174.187 239.4 KB

SSL-VPN Web Mode Users by Bandwidth


# User IP Traffic Out Traffic In
No matching log data for this report

Admin Login and System Events
Admin Login Summary
# User Name Login Interface Total # of Logins Total # of Configuration Changes Total Duration
1 MARTINEZ https(192.168.3.56) 8 1 02h 05m 11s
2 MARTINEZ https(191.98.147.137) 2 1 41m 48s
3 MARTINEZ https(192.168.1.52) 1 0 06m 28s
4 MARTINEZ https(192.168.3.5) 1 1 22m 25s
5 MARTINEZ jsconsole 1 0 05m 50s

List of Failed Logins


# User Name Login Interface # of Failed Logins
1 root ssh(113.195.145.79) 25
2 root ssh(59.63.188.36) 4
3 admin ssh(121.14.7.244) 3
4 root ssh(27.157.14.176) 3
5 root ssh(98.234.27.7) 3
6 admin ssh(103.71.96.86) 2
7 admin ssh(113.124.141.48) 2
8 admin ssh(116.231.57.98) 2
9 admin ssh(154.16.149.35) 2
10 admin ssh(201.144.84.82) 2
11 admin ssh(45.4.251.192) 2
12 admin ssh(59.96.190.45) 2
13 admin ssh(60.185.49.239) 2
14 backuppc ssh(185.6.57.30) 2
15 castis ssh(185.6.57.30) 2
16 mythtv ssh(5.196.20.235) 2
17 nobody ssh(203.110.245.30) 2
18 root ssh(101.250.213.242) 2
19 root ssh(116.232.214.93) 2
20 root ssh(122.237.254.83) 2
21 root ssh(171.78.234.98) 2
22 root ssh(181.211.225.146) 2
23 root ssh(181.26.0.138) 2
24 root ssh(181.27.162.239) 2
25 root ssh(201.177.137.204) 2
26 root ssh(40.69.164.199) 2
27 root ssh(84.200.113.169) 2
28 root ssh(94.70.165.163) 2
29 support ssh(191.96.249.82) 2
30 test4 ssh(185.6.57.30) 2
31 ubnt ssh(60.182.229.255) 2
32 0101 ssh(91.197.232.108) 1
33 0101 ssh(91.197.232.11) 1
34 0 ssh(91.197.232.108) 1
35 0 ssh(91.197.232.11) 1
36 MARTINEZ https(192.168.3.56) 1
37 activemq ssh(166.62.127.248) 1
38 admin ssh(163.172.223.87) 1
39 admin ssh(163.172.67.180) 1
40 admin ssh(178.20.55.16) 1
41 admin ssh(182.243.102.248) 1
42 admin ssh(5.196.20.235) 1
43 admin ssh(87.106.173.100) 1
44 cam ssh(96.33.76.87) 1
45 martinez https(192.168.3.56) 1
46 newuser ssh(124.93.230.204) 1
47 pi ssh(5.54.157.11) 1
48 pi ssh(78.198.69.64) 1
49 pi ssh(78.233.101.180) 1
50 pi ssh(94.72.4.189) 1
51 pi ssh(95.151.75.180) 1
52 root ssh(119.14.160.126) 1
53 root ssh(120.8.242.224) 1
54 root ssh(155.133.82.12) 1
55 root ssh(155.4.234.76) 1
56 root ssh(168.195.3.23) 1
57 root ssh(186.130.91.140) 1
58 root ssh(189.80.120.26) 1
59 root ssh(64.62.250.41) 1
60 root ssh(71.84.119.143) 1
61 scaner ssh(185.6.57.30) 1
62 supervisor ssh(190.49.86.7) 1
63 user ssh(178.129.141.30) 1
64 zabbix ssh(185.6.57.30) 1

System Events
# Event Name (Description) Severity Counts
1 Admin login failed 123
2 Admin login disabled 59
3 Configuration changed 3
4 SNMP query failed 16
5 Disk log file deleted 5
