
Security Analysis

Report Date: October 29, 2014 16:14


Data Range: 2014-10-22 00:00 2014-10-28 23:59 CST (FAZ local)

Fortinet Inc. All rights reserved.

Created on October 29, 2014 16:14

Table of Contents
Bandwidth and Applications
Traffic Bandwidth
Number of Sessions
Top Applications by Bandwidth
Top Applications by Sessions
Top Users by Bandwidth
Top Users by Sessions
Top Destination by Bandwidth
Top Destination by Sessions
DHCP Summary
Top Wifi Client by Bandwidth
Traffic History by Number of Active Users

Web Usage
Top 20 Most Active Users
Top 20 Most Visited Categories
Top 50 Most Visited Sites
Top 10 Online Users
Top 10 Categories
Top 50 Sites By Browsing Time
Top 20 Bandwidth Users
Top 20 Categories By Bandwidth
Top 50 Sites (and Category) by Bandwidth
Top 20 Most Blocked Users
Top 20 Most Blocked Categories
Top 50 Most Blocked Sites

Emails
Top Senders by Number of Emails
Top Recipients by Number of Emails
Top Senders by Combined Email Size
Top Recipients by Combined Email Size

Threats
Malware Detected
Malware Victims
Malware Source
Botnet Detected
Botnet Victims
Botnet C&C
Intrusions Detected
Intrusion Victims
Intrusion Sources

VPN Usage
VPN Traffic Usage Trend
VPN User Logins
Authenticated Logins
Failed Login Attempts
Top Dial-up VPN Users
Top Sources of SSL VPN Tunnels by Bandwidth
Top SSL VPN Tunnel Users by Bandwidth
Top SSL VPN Web Mode Users by Bandwidth

Security Analysis - FortiAnalyzer Host Name: FAZVM64


Top SSL VPN Users by Duration


Top Users of IPsec VPN Dial-up Tunnel by Bandwidth
Top Site-to-Site IPsec Tunnels by Bandwidth
Top Dial-up IPsec Tunnels by Bandwidth
Top Dial-up IPsec Users by Bandwidth
Top Dial-up IPsec Users by Duration

Admin Login and System Events


Login Summary
Login Summary By Date
List of Failed Logins
Events by Severity
Events by Date
Critical Severity Events
High Severity Events
Medium Severity Events

Appendix A
Devices


Bandwidth and Applications

Traffic Bandwidth
[Chart: Traffic In and Traffic Out (MB) per 12-hour interval, 2014-10-22 to 2014-10-28]

Number of Sessions
[Chart: Number of Sessions (K) per 12-hour interval, 2014-10-22 to 2014-10-28]

Top Applications by Bandwidth
(bar legend: Traffic Out, Traffic In)

#   Application   Bandwidth
1   HTTP          1.04 GB
2   HTTPS         7.60 MB
3   SSL           2.76 MB
4   DNS           1.17 MB
5   RSH           750.35 KB
6   POP3          481.34 KB
7   PING          389.58 KB
8   Twitter       354.33 KB
9   8443/tcp      296.75 KB
10  10443/tcp     274.19 KB

Top Applications by Sessions

#   Application   Sessions
1   DNS           3,777
2   8443/tcp      2,044
3   HTTPS         1,636
4   HTTP          1,100
5   53/udp        1,035
6   SMB           588
7   443/tcp       228
8   8008/tcp      156
9   NBSS          138
10  PING          126

Top Users by Bandwidth
(bar legend: Traffic Out, Traffic In)

#   User (or IP)      Bandwidth
1   192.168.2.2       1.05 GB
2   192.168.100.110   3.85 MB
3   172.16.1.5        2.66 MB
4   192.168.2.3       1.17 MB

Top Users by Sessions

#   User (or IP)      Sessions
1   192.168.2.2       10,155
2   172.16.1.5        6,749
3   192.168.100.110   791
4   192.168.2.3       317


Top Destination by Bandwidth
(bar legend: Traffic Out, Traffic In)

#   Hostname (or IP)                                       Bandwidth
1   a184-25-63-40.deploy.static.akamaitechnologies.com     963.75 MB
2   a184-25-63-33.deploy.static.akamaitechnologies.com     69.90 MB
3   8.254.64.126                                           17.68 MB
4   a184-86-155-26.deploy.static.akamaitechnologies.com    4.05 MB
5   96.45.33.106                                           3.50 MB
6   66.171.121.44                                          2.26 MB
7   199.96.57.7                                            1.94 MB
8   192.168.2.3                                            1.41 MB
9   192.168.1.100                                          815.38 KB
10  208.91.112.53                                          778.14 KB

Top Destination by Sessions

#   Hostname (or IP)                       Sessions
1   192.168.1.100                          7,039
2   208.91.112.53                          3,188
3   google-public-dns-a.google.com         1,079
4   10.1.15.5                              813
5   static-201-151-194-4.alestra.net.mx    612
6   10.1.15.10                             498
7   10.1.15.11                             496
8   b.resolvers.Level3.net                 495
9   www2.twitter.jp                        323
10  10.1.0.95                              255

DHCP Summary
No matching log data for this report

Top Wifi Client by Bandwidth
No matching log data for this report


Traffic History by Number of Active Users
[Chart: Active Users per 12-hour interval, 2014-10-22 to 2014-10-28]

Web Usage

Top 20 Most Active Users
No matching log data for this report

Top 20 Most Visited Categories
No matching log data for this report

Top 50 Most Visited Sites
No matching log data for this report

Top 10 Online Users

#   User (or IP)      Browsing Time (hh:mm:ss)
1   192.168.100.110   00:02:55

Top 10 Categories

#   Category            Browsing Time (hh:mm:ss)
1   Social Networking   00:02:55

Top 50 Sites By Browsing Time

#   Sites                     Category            Browsing Time (hh:mm:ss)
1   syndication.twitter.com   Social Networking   00:02:39
2   abs.twimg.com             Social Networking   00:00:11
3   twitter.com               Social Networking   00:00:05

Top 20 Bandwidth Users

#   User (or IP)      Hostname (or MAC)   Bandwidth
1   192.168.100.110   192.168.100.110     191.21 KB

Top 20 Categories By Bandwidth

#   Category            Bandwidth
1   Social Networking   191.21 KB

Top 50 Sites (and Category) by Bandwidth
No matching log data for this report

Top 20 Most Blocked Users

#   User (or IP)      Hostname (or MAC)   Requests
1   192.168.100.110   192.168.100.110     55

Top 20 Most Blocked Categories

#   Category            Requests
1   Social Networking   55

Top 50 Most Blocked Sites

#   Website                   Category            Requests
1   syndication.twitter.com   Social Networking   42
2   abs.twimg.com             Social Networking   12
3   twitter.com               Social Networking

Emails

Top Senders by Number of Emails

#   Sender        Number of Emails
1   192.168.2.2   136

Top Recipients by Number of Emails

#   Recipient         Number of Emails
1   192.168.2.2       241
2   172.16.1.5        14
3   192.168.100.110

Top Senders by Combined Email Size

#   Sender        Combined Email Size
1   192.168.2.2   41.58 KB

Top Recipients by Combined Email Size

#   Recipient         Combined Email Size
1   192.168.100.110   449.06 KB
2   192.168.2.2       77.19 KB
3   172.16.1.5        4.60 KB

Threats

Malware Detected

#   Malware Name      Malware Type   Counts
1   EICAR_TEST_FILE   Virus          3

Malware Victims

#   Victim Name (or IP)   Counts
1   192.168.2.2

Malware Source

#   Malware Source   Hostname (or IP)   Counts
1   192.168.2.2      fipps.itcon.info   2
2   192.168.2.2      secure.eicar.org

Botnet Detected
No matching log data for this report

Botnet Victims
No matching log data for this report

Botnet C&C
No matching log data for this report

Intrusions Detected
No matching log data for this report

Intrusion Victims
No matching log data for this report

Intrusion Sources
No matching log data for this report


VPN Usage

VPN Traffic Usage Trend
No matching log data for this report

VPN User Logins
No matching log data for this report

Authenticated Logins
No matching log data for this report

Failed Login Attempts
No matching log data for this report

Top Dial-up VPN Users
No matching log data for this report

Top Sources of SSL VPN Tunnels by Bandwidth
No matching log data for this report

Top SSL VPN Tunnel Users by Bandwidth
No matching log data for this report

Top SSL VPN Web Mode Users by Bandwidth
No matching log data for this report

Top SSL VPN Users by Duration
No matching log data for this report


Top Users of IPsec VPN Dial-up Tunnel by Bandwidth
No matching log data for this report

Top Site-to-Site IPsec Tunnels by Bandwidth
No matching log data for this report

Top Dial-up IPsec Tunnels by Bandwidth
No matching log data for this report

Top Dial-up IPsec Users by Bandwidth
No matching log data for this report

Top Dial-up IPsec Users by Duration
No matching log data for this report


Admin Login and System Events

Login Summary
Columns: # | User Name | Login Interface | Total Number of Logins | Total Number of Configuration Changes | Total Duration (hh:mm:ss)

1 | admin | ssh(192.168.2.2)   | 0 | 00:53:26
2 | admin | https(192.168.2.2) | 0 | 00:00:00
3 | admin | jsconsole          | 0 | 00:00:00

Login Summary By Date
[Chart: Total Number of Logins and Total Number of Configuration Changes per 12-hour interval, 2014-10-22 to 2014-10-28]

List of Failed Logins

#   Login Source         User Name   Total Number of Failed Logins
1   https(192.168.2.2)   Unknown     3
2   ssh(192.168.2.2)     admin

Events by Severity
Low       76.70% (270)
Info      21.59% (76)
Critical  1.70% (6)


Events by Date
[Chart: events per 12-hour interval, 2014-10-22 to 2014-10-28; series: Critical, High, Medium, Low, Info; y-axis 0 to 30]

Critical Severity Events

#   Event Name (Description)        Severity   Counts
1   Failed admin login attempt      Critical
2   device is rebooted              Critical
3   update virus and IDS database   Critical

High Severity Events
No matching log data for this report

Medium Severity Events
No matching log data for this report


Appendix A
Devices
FG100D3G13802416
FGT-90D
