Scribd
Upload
114 views

Reporte FortiAnalizer

The document provides a security analysis report with information on network traffic, applications, users, threats and VPN usage over a date range. It includes bandwidth usage, top users and destinations, web and email activity, detected malware and intrusions. It also covers admin logins and system events.

Uploaded by

Xavieruko
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
114 views

Reporte FortiAnalizer

The document provides a security analysis report with information on network traffic, applications, users, threats and VPN usage over a date range. It includes bandwidth usage, top users and destinations, web and email activity, detected malware and intrusions. It also covers admin logins and system events.

Uploaded by

Xavieruko
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Security Analysis

Report Date: October 29, 2014 16:14


Data Range: 2014-10-22 00:00 2014-10-28 23:59 CST (FAZ local)

Fortinet Inc. All rights reserved.

Created on October 29, 2014 16:14

Table of Contents
Bandwidth and Applications
Traffic Bandwidth
Number of Sessions
Top Applications by Bandwidth
Top Applications by Sessions
Top Users by Bandwidth
Top Users by Sessions
Top Destination by Bandwidth
Top Destination by Sessions
DHCP Summary
Top Wifi Client by Bandwidth
Traffic History by Number of Active Users

Web Usage
Top 20 Most Active Users
Top 20 Most Visited Categories
Top 50 Most Visited Sites
Top 10 Online Users
Top 10 Categories
Top 50 Sites By Browsing Time
Top 20 Bandwidth Users
Top 20 Categories By Bandwidth
Top 50 Sites (and Category) by Bandwidth
Top 20 Most Blocked Users
Top 20 Most Blocked Categories
Top 50 Most Blocked Sites

Emails
Top Senders by Number of Emails
Top Recipients by Number of Emails
Top Senders by Combined Email Size
Top Recipients by Combined Email Size

Threats
Malware Detected
Malware Victims
Malware Source
Botnet Detected
Botnet Victims
Botnet C&C
Intrusions Detected
Intrusion Victims
Intrusion Sources

VPN Usage
VPN Traffic Usage Trend
VPN User Logins
Authenticated Logins
Failed Login Attempts
Top Dial-up VPN Users
Top Sources of SSL VPN Tunnels by Bandwidth
Top SSL VPN Tunnel Users by Bandwidth
Top SSL VPN Web Mode Users by Bandwidth

Security Analysis - FortiAnalyzer Host Name: FAZVM64

3
3
3
4
4
4
4
5
5
5
5
6

7
7
7
7
7
7
7
7
7
7
8
8
8

9
9
9
9
9

10
10
10
10
10
10
10
10
10
10

11
11
11
11
11
11
11
11
11

page 1 of 15

Top SSL VPN Users by Duration


Top Users of IPsec VPN Dial-up Tunnel by Bandwidth
Top Site-to-Site IPsec Tunnels by Bandwidth
Top Dial-up IPsec Tunnels by Bandwidth
Top Dial-up IPsec Users by Bandwidth
Top Dial-up IPsec Users by Duration

Admin Login and System Events


Login Summary
Login Summary By Date
List of Failed Logins
Events by Severity
Events by Date
Critical Severity Events
High Severity Events
Medium Severity Events

Appendix A
Devices

Security Analysis - FortiAnalyzer Host Name: FAZVM64

11
12
12
12
12
12

13
13
13
13
13
14
14
14
14

15
15

page 2 of 15

Security Analysis - FortiAnalyzer Host Name: FAZVM64


10

10

10

10

10

10

10

10

10

10

-2
8

-2
8

-2
7

-2
7

-2
6

-2
6

-2
5

-2
5

-2
4

-2
4

-2
3

12

00

12

00

12

00

12

00

12

00

12

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

3K

10

4K

5K

:0

6K

Number of Sessions

10

10

10

10

10

10

10

10

10

10

10

10

10

-2
8

-2
8

-2
7

-2
7

-2
6

-2
6

-2
5

-2
5

-2
4

-2
4

-2
3

-2
3

-2
2

12

00

12

00

12

00

12

00

12

00

12

00

12

00

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

Traffic In

800 MB

600 MB

:0

:0

-2
2

Traffic Out

400 MB

00

12

00

10

600 MB

-2
3

-2
2

-2
2

800 MB

10

10

10

Bandwidth and Applications

Traffic Bandwidth

200 MB

200 MB
0

400 MB

Number of Sessions

2K

1K

page 3 of 15

Top Applications by Bandwidth


# Application

Traffic Out Traffic In

Bandwidth

1 HTTP

1.04 GB

2 HTTPS

7.60 MB

3 SSL

2.76 MB

4 DNS

1.17 MB

5 RSH

750.35 KB

6 POP3

481.34 KB

7 PING

389.58 KB

8 Twitter

354.33 KB

9 8443/tcp

296.75 KB

10 10443/tcp

274.19 KB

Top Applications by Sessions


# Application

Sessions

1 DNS

3,777

2 8443/tcp

2,044

3 HTTPS

1,636

4 HTTP

1,100

5 53/udp

1,035

6 SMB

588

7 443/tcp

228

8 8008/tcp

156

9 NBSS

138

10 PING

126

Top Users by Bandwidth


# User(or IP)

Traffic Out Traffic In

Bandwidth

192.168.2.2

1.05 GB

192.168.100.110

3.85 MB

172.16.1.5

2.66 MB

192.168.2.3

1.17 MB

Top Users by Sessions


# User (or IP)

Sessions

192.168.2.2

10,155

172.16.1.5

6,749

192.168.100.110

791

192.168.2.3

317

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 4 of 15

Top Destination by Bandwidth


# Hostname(or IP)

Bandwidth

Traffic Out Traffic In

1 a184-25-63-40.deploy.static.akamaitechnologies.com

963.75 MB

2 a184-25-63-33.deploy.static.akamaitechnologies.com

69.90 MB

3 8.254.64.126

17.68 MB

4 a184-86-155-26.deploy.static.akamaitechnologies.com

4.05 MB

5 96.45.33.106

3.50 MB

6 66.171.121.44

2.26 MB

7 199.96.57.7

1.94 MB

8 192.168.2.3

1.41 MB

9 192.168.1.100

815.38 KB

10 208.91.112.53

778.14 KB

Top Destination by Sessions


# Hostname(or IP)

Sessions

1 192.168.1.100

7,039

2 208.91.112.53

3,188

3 google-public-dns-a.google.com

1,079

4 10.1.15.5

813

5 static-201-151-194-4.alestra.net.mx

612

6 10.1.15.10

498

7 10.1.15.11

496

8 b.resolvers.Level3.net

495

9 www2.twitter.jp

323

10 10.1.0.95

255

DHCP Summary
No matching log data for this report

Top Wifi Client by Bandwidth


No matching log data for this report

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 5 of 15

Security Analysis - FortiAnalyzer Host Name: FAZVM64


10

10

10

10

10

10

10

10

10

10

10

-2
8

-2
8

-2
7

-2
7

-2
6

-2
6

-2
5

-2
5

-2
4

-2
4

-2
3

-2
3

-2
2

-2
2

12

00

12

00

12

00

12

00

12

00

12

00

12

00

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

:0

Active Users

10

10

10

Traffic History by Number of Active Users


4

page 6 of 15

Web Usage
Top 20 Most Active Users
No matching log data for this report

Top 20 Most Visited Categories


No matching log data for this report

Top 50 Most Visited Sites


No matching log data for this report

Top 10 Online Users


# User (or IP)

Browsing Time(hh:mm:ss)

1 192.168.100.110

00:02:55

Top 10 Categories
# Category
1

Browsing Time(hh:mm:ss)

Social Networking

00:02:55

Top 50 Sites By Browsing Time


# Sites

Category

Browsing Time(hh:mm:ss)

1 syndication.twitter.com

Social Networking

00:02:39

2 abs.twimg.com

Social Networking

00:00:11

3 twitter.com

Social Networking

00:00:05

Top 20 Bandwidth Users


# User (or IP)
1

192.168.100.110

Hostname (or MAC)


192.168.100.110

Bandwidth
191.21 KB

Top 20 Categories By Bandwidth


# Category
1

Bandwidth

Social Networking

191.21 KB

Top 50 Sites (and Category) by Bandwidth


No matching log data for this report
Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 7 of 15

Top 20 Most Blocked Users


# User (or IP)
1

Hostname (or MAC)

192.168.100.110

Requests

192.168.100.110

55

Top 20 Most Blocked Categories


# Category
1

Requests

Social Networking

55

Top 50 Most Blocked Sites


# Website

Category

Requests

1 syndication.twitter.com

Social Networking

42

2 abs.twimg.com

Social Networking

12

3 twitter.com

Social Networking

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 8 of 15

Emails
Top Senders by Number of Emails
# Sender
1

Number of Emails

192.168.2.2

136

Top Recipients by Number of Emails


# Recipient

Number of Emails

192.168.2.2

241

172.16.1.5

14

192.168.100.110

Top Senders by Combined Email Size


# Sender
1

Combined Email Size

192.168.2.2

41.58 KB

Top Recipients by Combined Email Size


# Recipient

Combined Email Size

192.168.100.110

192.168.2.2

77.19 KB

172.16.1.5

4.60 KB

Security Analysis - FortiAnalyzer Host Name: FAZVM64

449.06 KB

page 9 of 15

Threats
Malware Detected
# Malware Name

Malware Type

Virus

EICAR_TEST_FILE

Counts
3

Malware Victims
# Victim Name (or IP)
1

Counts

192.168.2.2

Malware Source
# Malware Source

Hostname (or IP)

1 192.168.2.2

fipps.itcon.info

Counts
2

2 192.168.2.2

secure.eicar.org

Botnet Detected
No matching log data for this report

Botnet Victims
No matching log data for this report

Botnet C&C
No matching log data for this report

Intrusions Detected
No matching log data for this report

Intrusion Victims
No matching log data for this report

Intrusion Sources
No matching log data for this report

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 10 of 15

VPN Usage
VPN Traffic Usage Trend
No matching log data for this report

VPN User Logins


No matching log data for this report

Authenticated Logins
No matching log data for this report

Failed Login Attempts


No matching log data for this report

Top Dial-up VPN Users


No matching log data for this report

Top Sources of SSL VPN Tunnels by Bandwidth


No matching log data for this report

Top SSL VPN Tunnel Users by Bandwidth


No matching log data for this report

Top SSL VPN Web Mode Users by Bandwidth


No matching log data for this report

Top SSL VPN Users by Duration


No matching log data for this report

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 11 of 15

Top Users of IPsec VPN Dial-up Tunnel by Bandwidth


No matching log data for this report

Top Site-to-Site IPsec Tunnels by Bandwidth


No matching log data for this report

Top Dial-up IPsec Tunnels by Bandwidth


No matching log data for this report

Top Dial-up IPsec Users by Bandwidth


No matching log data for this report

Top Dial-up IPsec Users by Duration


No matching log data for this report

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 12 of 15

Admin Login and System Events


Login Summary
Total Number of Logins

Total Number of Configuration Changes

Total Duration

# User Name

Login Interface

1 admin

ssh(192.168.2.2)

0 00:53:26

2 admin

https(192.168.2.2)

0 00:00:00

3 admin

jsconsole

0 00:00:00

(hh:mm:ss)

Login Summary By Date


4

Total Number of Logins


Total Number of Configuration Changes

0
:0

12

-2
8

10

-2
8

00

:0

10

-2
7

12

:0

:0

00

-2
7

10

10

-2
6

12

:0

10

-2
6

00

:0

:0

12

-2
5

10

10

-2
5

00

:0

10

-2
4

12

:0

:0

00

-2
4

10

10

-2
3

12

:0

:0
10

-2
3

00

:0

12
10

-2
2

10

10

-2
2

00

:0

List of Failed Logins


# Login Source

User Name

1 https(192.168.2.2)

Unknown

Total Number of Failed Logins


3

2 ssh(192.168.2.2)

admin

Events by Severity
Low 76.70% (270 )
Info 21.59% (76 )
Critical 1.70% (6 )

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 13 of 15

Events by Date
Critical
High
30

Medium
Low
Info

20

10

0
12

:0

0
10

-2
8

00

:0

0
10

-2
8

12

:0

0
10

-2
7

00

:0

0
10

-2
7

12

:0

0
10

-2
6

00

:0

0
10

-2
6

12

:0

0
10

-2
5

00

:0

0
10

-2
5

12

:0

0
10

-2
4

00

:0

0
10

-2
4

12

:0

0
-2
3
10

-2
3

00

:0

0
:0
12
10

-2
2
10

10

-2
2

00

:0

Critical Severity Events


# Event Name (Description)

Severity

Counts

1 Failed admin login attempt

Critical

2 device is rebooted

Critical

3 update virus and IDS database

Critical

High Severity Events


No matching log data for this report

Medium Severity Events


No matching log data for this report

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 14 of 15

Appendix A
Devices
FG100D3G13802416
FGT-90D

Security Analysis - FortiAnalyzer Host Name: FAZVM64

page 15 of 15

You might also like