
FortiGate Daily Security Report

Report Date: 2018-07-17

Data Range: 2018-07-15 23:30 -- 2018-07-16 23:29 GMT+5:30 (BTHOFW)

Fortinet Inc. All Rights Reserved. Created on Jul 17,2018 00:01


Table of Contents

Bandwidth and Applications
  Bandwidth
  Number of Sessions
  Traffic Statistics
  Top Applications by Bandwidth
  Top Application Categories by Bandwidth
  Top Users by Bandwidth
  Number of Active Users
  Top Destinations by Bandwidth

Web Usage
  Top Allowed Websites
  Top Websites by Bandwidth
  Top Blocked Websites
  Top Users by Blocked Requests
  Top Users by Requests
  Top Users by Bandwidth
  Top Video Streaming Web Sites by Bandwidth

Emails
  Top Senders by Number of Emails
  Top Senders by Combined Email Size
  Top Recipients by Number of Emails
  Top Recipients by Combined Email Size

Threats
  Malware Detected
  Malware Victims
  Malware Sources
  Malware History
  Botnet Detected
  Botnet Victims
  Botnet C&C
  Botnet History
  Intrusions Detected
  Intrusion Victims
  Intrusion Sources
  Intrusions Blocked
  Intrusions By Severity
  Intrusion History

FortiGate Daily Security Report - Host Name: BTHOFW


VPN Usage
  Site-to-Site IPSec Tunnels by Bandwidth
  Client-to-Site IPSec Tunnels by Bandwidth
  SSL-VPN Tunnel Users by Bandwidth
  SSL-VPN Web Mode Users by Bandwidth

Admin Login and System Events
  Admin Login Summary
  List of Failed Logins
  System Events

Bandwidth and Applications
Bandwidth
[Chart: Bandwidth (bit/s) by hour, 23:00 to 22:00; legend: Traffic Out, Traffic In]

Number of Sessions
[Chart: Number of Sessions by hour, 23:00 to 22:00]

Traffic Statistics
Summary Stats
Total Sessions 1.4 M
Total Bytes In: 13.0 GB Out: 3.1 GB
Average Sessions Per Hour 58.4 K
Average Bytes Per Hour In: 553.8 MB Out: 130.5 MB
Most Active Hour By Sessions 2018-07-16 11:00
Total Users 7.9 K
Total Applications 5.0 K
Total Destinations 5.9 K

Top Applications by Bandwidth


Application Traffic Out Traffic In Sessions
HTTP.BROWSER 3.5 GB 18.4 K
HTTPS 2.4 GB 42.9 K
HTTPS.BROWSER 2.0 GB 37.6 K
tcp/1352 1.7 GB 684
AnyDesk 1.4 GB 53
IMAPS 1.2 GB 76
HTTP 758.5 MB 25.6 K
IBM.Notes 635.8 MB 613
TrendMicro.WFBS 250.2 MB 12.5 K
QUIC 125.5 MB 442

Top Application Categories by Bandwidth


Application Category Traffic Out Traffic In Sessions
unscanned 6.6 GB 1.2 M
Web.Client 5.6 GB 55.9 K
Remote.Access 1.4 GB 66
Email 1.2 GB 204
Collaboration 688.4 MB 658
Cloud.IT 250.2 MB 12.5 K
Network.Service 190.4 MB 20.5 K
Update 141.8 MB 29.2 K
General.Interest 7.2 MB 626
unknown 5.6 MB 22.3 K



Top Users by Bandwidth
User Host Traffic Out Traffic In Sessions
131.107.2.219 KeshavBinani-NB 1.6 GB 937
131.107.1.166 00:1d:7d:55:35:75 1.5 GB 3.0 K
131.107.1.116 Arvinds-MBP 1.2 GB 500
192.168.5.18 192.168.5.18 1.2 GB 3.6 K
192.168.5.12 192.168.5.12 1.1 GB 12.0 K
192.168.5.22 192.168.5.22 573.9 MB 2.1 K
192.168.5.26 192.168.5.26 546.9 MB 2.1 K
192.168.5.32 192.168.5.32 529.4 MB 9.5 K
131.107.2.177 AmitKarmakar-PC 511.7 MB 218
192.168.5.20 192.168.5.20 440.8 MB 1.4 K

Number of Active Users


[Chart: Active Users by hour, 23:00 to 22:00]

Top Destinations by Bandwidth
Hostname (or IP) Traffic Out Traffic In Sessions
161.202.13.194 2.3 GB 1.2 K
138.201.124.91 1.5 GB 9
144.76.12.115 1.2 GB 5
74.125.68.109 619.6 MB 24
23.57.202.204 529.8 MB 4.1 K
172.217.194.108 520.7 MB 33
8.253.181.235 304.2 MB 2
23.206.202.197 274.5 MB 561
64.185.181.238 270.4 MB 2.1 K
17.253.83.203 265.0 MB 1



Web Usage
Top Allowed Websites
Website Requests
google.com 53
airtel.in 17
naukri.com 15
213.227.168.146 6
213.227.185.133 6
217.146.4.135 6
159.122.182.197 5
161.156.67.98 5
178.255.155.171 5
217.146.14.132 5

Top Websites by Bandwidth


Website Traffic Out Traffic In
google.com 95.5 MB
ksmobile.com 257.0 KB
rediff.com 211.1 KB
digicert.com 195.3 KB
googlesyndication.com 94.7 KB
foxitcloud.com 65.4 KB
computerkolkata.com 57.0 KB
accessunstop.com 51.6 KB
naukri.com 45.1 KB
flipkart.net 41.5 KB

Top Blocked Websites


Website Requests
digicert.com 503
ksmobile.com 475
rediff.com 260
googlesyndication.com 200
accessunstop.com 141
utorrent.com 55
xiaomi.net 43
twitter.com 42
flipkart.net 41
104.244.14.252 39



Top Users by Blocked Requests
User(or IP) Hostname(MAC) Requests
kapilbanerjee$ kapilbanerjee 148
131.107.1.24 Itsupport-PC 141
192.168.5.11 192.168.5.11 121
131.107.2.10 RedmiNote5-Redmi 115
192.168.5.22 192.168.5.22 103
192.168.5.32 192.168.5.32 84
131.107.1.41 SarangJuthani-NB 65
131.107.2.187 subha-pc 53
192.168.5.14 192.168.5.14 52
131.107.1.80 JambuAgrawal-PC 42

Top Users by Requests


User(or IP) Hostname(MAC) Requests
192.168.5.11 192.168.5.11 190
kapilbanerjee$ kapilbanerjee 148
131.107.1.24 Itsupport-PC 141
131.107.2.10 RedmiNote5-Redmi 115
192.168.5.22 192.168.5.22 103
192.168.5.32 192.168.5.32 99
131.107.1.41 SarangJuthani-NB 65
131.107.2.187 subha-pc 53
192.168.5.14 192.168.5.14 53
192.168.5.30 192.168.5.30 44
Average Usage of Top 10 101

Top Users by Bandwidth


User(or IP) Hostname(Mac) Traffic Out Traffic In
192.168.5.30 192.168.5.30 95.5 MB
192.168.5.11 192.168.5.11 141.7 KB
131.107.2.10 RedmiNote5-Redmi 106.4 KB
kapilbanerjee$ kapilbanerjee 82.9 KB
192.168.5.14 192.168.5.14 79.0 KB
192.168.5.32 192.168.5.32 69.9 KB
131.107.1.24 Itsupport-PC 51.6 KB
192.168.5.22 192.168.5.22 43.2 KB
192.168.5.48 192.168.5.48 37.8 KB
131.107.1.41 SarangJuthani-NB 32.9 KB
Average Usage of Top 10 9.6 MB



Top Video Streaming Web Sites by Bandwidth

% Website Traffic Out Traffic In


58.2% convertfiles.com 9.4 KB
34.4% apple.com 5.5 KB
2.9% fwmrm.net 479 B
2.6% dmcdn.net 432 B
1.9% netflix.com 307 B



Emails
Top Senders by Number of Emails
Sender Number of Emails
No matching log data for this report

Top Senders by Combined Email Size


Sender Bandwidth
No matching log data for this report

Top Recipients by Number of Emails


Recipient Number of Emails
No matching log data for this report

Top Recipients by Combined Email Size


Recipient Bandwidth
No matching log data for this report



Threats
Malware Detected
# Malware Name Malware Type Occurrence
No matching log data for this report

Malware Victims
# Victim Occurrence
No matching log data for this report

Malware Sources
# Malware Source Host Name Counts
No matching log data for this report

Malware History
[Chart: # of Viruses by hour, 23:00 to 22:00]

Botnet Detected

# Botnet Name Counts


No matching log data for this report

Botnet Victims
# Victim Name Counts
No matching log data for this report



Botnet C&C
# C & C IP Host Name Counts
No matching log data for this report

Botnet History
[Chart: # of Botnet by hour, 23:00 to 22:00]

Intrusions Detected
# Intrusion Name Counts
1 TCP.Overlapping.Fragments 670
2 Traceroute 340
3 Netcore.Netis.Devices.Hardcoded.Password.Security.Bypa 56
4 TCP.Out.Of.Range.Timestamp 4
5 Zivif.PR115-204-P-RS.Web.Cameras.Hardcoded.Password 4
6 Avahi.NULL.UDP.Packet.DoS 2
7 HTTP.Null.Session 2
8 PHP.memory.limit.Code.Execution 1
9 TCP.Bad.Option.Length 1
10 TCP.Stealth.Activity 1

Intrusion Victims
# Intrusion Victim Counts
1 150.70.178.32 288
2 45.113.192.101 86
3 115.113.196.180 66
4 172.217.166.99 30
5 104.244.42.129 29
6 172.217.160.132 29
7 172.217.26.164 29
8 172.217.31.195 29
9 216.58.196.163 29
10 104.244.42.65 28
11 216.58.196.164 28
12 172.217.163.110 19
13 104.124.54.18 13
14 115.113.136.101 13
15 172.217.166.78 10
16 35.154.90.214 10
17 164.100.78.248 9
18 170.194.12.160 8
19 170.194.13.80 8
20 23.57.202.204 7
21 172.217.163.78 6
22 172.217.26.195 6
23 173.222.26.176 6
24 162.247.242.19 5
25 131.107.1.122 4
26 170.194.13.19 4
27 170.194.13.77 4
28 172.217.163.46 4
29 172.217.166.110 4
30 172.217.26.206 4
31 172.217.27.206 4
32 216.58.199.142 4
33 49.44.165.116 4
34 52.114.128.8 4
35 52.229.171.202 4
36 104.244.42.1 3
37 13.94.24.143 3
38 131.107.1.35 3
39 157.240.16.39 3
40 162.247.242.18 3
41 170.194.13.83 3
42 172.217.163.68 3
43 172.217.163.99 3
44 172.217.166.46 3
45 172.217.26.161 3
46 198.185.159.144 3
47 216.58.196.174 3
48 216.58.196.65 3
49 216.58.196.78 3
50 23.15.108.191 3
51 23.35.34.103 3
52 23.58.70.92 3
53 40.77.229.141 3
54 103.59.140.7 2
55 111.221.29.40 2
56 13.126.106.166 2
57 13.228.51.155 2
58 131.107.1.15 2
59 131.107.1.190 2
60 131.107.1.31 2
61 131.107.2.176 2
62 131.253.61.96 2
63 157.240.23.39 2
64 162.247.242.21 2
65 17.146.232.26 2
66 172.217.163.100 2
67 172.217.163.197 2
68 172.217.166.142 2
69 172.217.27.195 2
70 172.217.31.206 2
71 173.194.52.6 2
72 184.84.111.154 2
73 191.234.72.186 2
74 192.168.5.12 2
75 202.137.235.12 2
76 216.58.203.163 2
77 216.58.203.165 2
78 23.57.219.27 2
79 23.58.50.217 2
80 35.201.123.46 2

Intrusion Sources
# Intrusion Source Counts
1 131.107.1.13 318
2 192.168.5.14 78
3 192.168.5.17 56
4 192.168.5.11 45
5 192.168.5.35 36
6 131.107.1.78 35
7 192.168.5.12 35
8 192.168.5.16 34
9 192.168.5.27 30
10 192.168.5.18 25
11 192.168.5.20 23
12 192.168.5.21 23
13 192.168.5.15 22
14 192.168.5.38 20
15 192.168.5.36 17
16 192.168.5.23 15
17 167.99.56.215 14
18 192.168.5.40 14
19 131.107.1.145 13
20 192.168.5.26 13
21 192.168.5.33 12
22 192.168.5.13 11
23 138.197.194.48 9
24 120.197.97.27 8
25 131.107.1.17 8
26 185.244.25.208 8
27 131.107.1.195 7
28 192.168.5.39 7
29 131.107.1.116 6
30 131.107.1.66 6
31 178.128.196.251 6
32 182.18.183.147 6
33 192.168.5.25 5
34 192.168.5.31 5
35 192.168.5.47 5
36 5.202.83.148 5
37 115.113.136.101 4
38 131.107.1.207 4
39 192.168.5.30 4
40 131.107.1.97 3
41 192.168.5.19 3
42 192.168.5.22 3
43 192.168.5.28 3
44 192.168.5.32 3
45 192.168.5.41 3
46 192.168.5.46 3
47 192.168.5.48 3
48 206.189.1.234 3
49 217.61.105.67 3
50 131.107.1.109 2
51 131.107.1.22 2
52 131.107.1.34 2
53 131.107.1.41 2
54 138.68.46.67 2
55 192.168.5.24 2
56 192.168.5.34 2
57 204.79.197.200 2
58 52.229.207.60 2
59 104.20.3.47 1
60 104.211.216.47 1
61 104.215.21.84 1
62 111.91.124.43 1
63 112.90.208.34 1
64 117.213.65.241 1
65 131.107.1.127 1
66 131.107.1.20 1
67 131.107.1.209 1
68 131.107.1.25 1
69 131.107.1.31 1
70 131.107.1.35 1
71 131.107.1.36 1
72 131.107.1.80 1
73 131.107.2.176 1
74 150.70.178.32 1
75 184.105.247.243 1
76 192.168.5.29 1
77 192.168.5.37 1
78 192.168.5.42 1
79 192.168.5.50 1
80 192.168.5.52 1

Intrusions Blocked
# Intrusion Name Counts
1 TCP.Overlapping.Fragments 670
2 Traceroute 340
3 Netcore.Netis.Devices.Hardcoded.Password.Security.Bypa 56
4 TCP.Out.Of.Range.Timestamp 4
5 Zivif.PR115-204-P-RS.Web.Cameras.Hardcoded.Password 4
6 Avahi.NULL.UDP.Packet.DoS 2
7 HTTP.Null.Session 2
8 PHP.memory.limit.Code.Execution 1
9 TCP.Bad.Option.Length 1
10 TCP.Stealth.Activity 1

Intrusions By Severity

% Severity Occurrence
94.3% low 1.0 K
5.6% critical 60
0.2% medium 2

Intrusion History
[Chart: # of Intrusions by hour, 23:00 to 22:00]


VPN Usage
Site-to-Site IPSec Tunnels by Bandwidth
# Tunnel Duration Traffic Out Traffic In
No matching log data for this report

Client-to-Site IPSec Tunnels by Bandwidth


# User Tunnel Duration Traffic Out Traffic In
No matching log data for this report

SSL-VPN Tunnel Users by Bandwidth


# User IP Traffic Out Traffic In
No matching log data for this report

SSL-VPN Web Mode Users by Bandwidth


# User IP Traffic Out Traffic In
No matching log data for this report



Admin Login and System Events
Admin Login Summary
# User Name Login Interface Total # of Logins Total # of Configuration Changes Total Duration
1 admin https(131.107.1.12) 2 1 04h 13m 48s

2 admin https(221.134.144.150) 1 1 02m 11s

List of Failed Logins


# User Name Login Interface # of Failed Logins
No matching log data for this report

System Events
# Event Name (Description) Severity Counts
1 Configuration changed 2

2 Disk log file deleted 38

3 Files dropped by quarantine daemon 15

4 Disk full 5

5 FortiCloud sandbox daily limit reached 1

