FortiGate Daily Security Report - Host Name: FW_SM01

Report Date: 2020-06-02
Data Range: Jun 01, 2020 (FW_SM01)
Fortinet Inc. All Rights Reserved. Created on Jun 02, 2020 00:01


Table of Contents

Bandwidth and Applications
  Bandwidth
  Number of Sessions
  Traffic Statistics
  Top Applications by Bandwidth
  Top Application Categories by Bandwidth
  Top Users by Bandwidth
  Number of Active Users
  Top Destinations by Bandwidth

Web Usage
  Top Allowed Websites
  Top Websites by Bandwidth
  Top Blocked Websites
  Top Users by Blocked Requests
  Top Users by Requests
  Top Users by Bandwidth
  Top Video Streaming Web Sites by Bandwidth

Emails
  Top Senders by Number of Emails
  Top Senders by Combined Email Size
  Top Recipients by Number of Emails
  Top Recipients by Combined Email Size

Threats
  Malware Detected
  Malware Victims
  Malware Sources
  Malware History
  Botnet Detected
  Botnet Victims
  Botnet C&C
  Botnet History
  Intrusions Detected
  Intrusion Victims
  Intrusion Sources
  Intrusions Blocked
  Intrusions By Severity
  Intrusion History

VPN Usage
  Site-to-Site IPSec Tunnels by Bandwidth
  Client-to-Site IPSec Tunnels by Bandwidth
  SSL-VPN Tunnel Users by Bandwidth
  SSL-VPN Web Mode Users by Bandwidth

Admin Login and System Events
  Admin Login Summary
  List of Failed Logins
  System Events


Bandwidth and Applications

Bandwidth
[Chart: Bandwidth (bit/s) by hour, 00:00 to 23:00; series Traffic In and Traffic Out]

Number of Sessions
[Chart: Number of Sessions by hour, 00:00 to 23:00]
Traffic Statistics

Summary Stats
Total Sessions                 99.2 K
Total Bytes                    In: 4.4 GB     Out: 3.3 GB
Average Sessions Per Hour      4.1 K
Average Bytes Per Hour         In: 186.3 MB   Out: 142.5 MB
Most Active Hour By Sessions   2020-06-01 01:00
Total Users                    103
Total Applications             101
Total Destinations             601

Top Applications by Bandwidth

Application               Bandwidth   Sessions
Apple.Software.Update     2.0 GB            95
Amazon.AWS                1.6 GB            24
AnyDesk                   1.4 GB             8
MS.Windows.Update         1.2 GB         7.7 K
SSL                       342.3 MB      11.4 K
HTTPS.BROWSER             203.8 MB       8.7 K
HTTP.BROWSER              188.6 MB      36.5 K
Microsoft.SharePoint      126.8 MB       5.0 K
Apple.Maps                113.3 MB         745
Google.Accounts           96.6 MB          411

Top Application Categories by Bandwidth

Application Category      Bandwidth   Sessions
Update                    3.3 GB         8.7 K
Cloud.IT                  1.6 GB           191
Remote.Access             1.4 GB         1.5 K
Web.Client                392.5 MB      45.2 K
Network.Service           355.1 MB      23.6 K
Collaboration             303.4 MB      12.4 K
General.Interest          292.8 MB       5.3 K
Storage.Backup            20.2 MB        1.4 K
Business                  6.0 MB           638
VoIP                      5.9 MB            15

Top Users by Bandwidth

User             Host             Bandwidth   Sessions
10.80.70.33      10.80.70.33      2.3 GB         3.6 K
10.80.70.49      10.80.70.49      2.2 GB           850
10.80.70.32      10.80.70.32      713.7 MB       5.5 K
10.80.70.171     10.80.70.171     511.9 MB       1.2 K
10.80.70.80      10.80.70.80      362.8 MB         396
10.80.70.101     10.80.70.101     320.3 MB       3.0 K
10.80.70.157     10.80.70.157     205.9 MB       5.2 K
192.168.71.13    192.168.71.13    128.8 MB      40.6 K
10.80.70.42      10.80.70.42      125.1 MB       1.9 K
192.168.71.11    192.168.71.11    112.4 MB       5.3 K

Number of Active Users
[Chart: Active Users by hour, 00:00 to 23:00; y-axis 0 to 50]

Top Destinations by Bandwidth

Hostname (or IP)                    Bandwidth   Sessions
apple.com                           2.2 GB           986
wetransfer-us-prod-outgoing.s3.     1.6 GB            18
anynet relay                        1.3 GB             2
2.tlu.dl.delivery.mp.microsoft.     828.9 MB       1.3 K
etb-medidor.etb.net.co.prod.hos     295.6 MB          14
11.tlu.dl.delivery.mp.microsoft     239.2 MB         279
google.com                          143.8 MB       1.7 K
eset.com                            132.0 MB      39.0 K
sharepoint.com                      126.8 MB       5.0 K
veritas.com                         108.3 MB       1.4 K

Web Usage

Top Allowed Websites
Website   Requests
No matching log data for this report

Top Websites by Bandwidth
Website   Traffic Out   Traffic In
No matching log data for this report

Top Blocked Websites
Website   Requests
No matching log data for this report

Top Users by Blocked Requests
User (or IP)   Hostname (MAC)   Requests
No matching log data for this report

Top Users by Requests
User (or IP)   Hostname (MAC)   Requests
No matching log data for this report

Top Users by Bandwidth
User (or IP)   Hostname (MAC)   Traffic Out   Traffic In
No matching log data for this report

Top Video Streaming Web Sites by Bandwidth

Emails

Top Senders by Number of Emails
Sender   Number of Emails
No matching log data for this report

Top Senders by Combined Email Size
Sender   Bandwidth
No matching log data for this report

Top Recipients by Number of Emails
Recipient   Number of Emails
No matching log data for this report

Top Recipients by Combined Email Size
Recipient   Bandwidth
No matching log data for this report

Threats
Malware Detected
# Malware Name Malware Type Occurrence
No matching log data for this report

Malware Victims
# Victim Occurrence
No matching log data for this report

Malware Sources
# Malware Source Host Name Counts
No matching log data for this report

Malware History
[Chart: # of Viruses by hour, 00:00 to 23:00]

Botnet Detected
#   Botnet Name   Counts
No matching log data for this report

Botnet Victims
# Victim Name Counts
No matching log data for this report

Botnet C&C
# C & C IP Host Name Counts
No matching log data for this report

Botnet History
[Chart: # of Botnet by hour, 00:00 to 23:00]

Intrusions Detected
(intrusion names are shown truncated as in the report)

 #  Intrusion Name                                                 Counts
 1  Backdoor.DoublePulsar                                             261
 2  TCP.Split.Handshake                                                30
 3  MS.SMB.Server.Trans.Peeking.Data.Information.Disclosur             27
 4  MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.E                19
 5  PHP.Diescan                                                        11
 6  Joomla!.Core.Session.Remote.Code.Execution                          9
 7  vBulletin.Routestring.widgetConfig.Remote.Code.Execution            7
 8  PHP.CGI.Argument.Injection                                          5
 9  ThinkPHP.Controller.Parameter.Remote.Code.Execution                 5
10  PHPUnit.Eval-stdin.PHP.Remote.Code.Execution                        4
11  PhpStudy.Web.Server.Remote.Code.Execution                           4
12  HTTP.Unix.Shell.IFS.Remote.Code.Execution                           3
13  Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Up            3
14  Apache.Axis2.Default.Password.Access                                1
15  D-Link.Devices.HNAP.SOAPAction-Header.Command.Exe                   1
16  Drupal.Core.Form.Rendering.Component.Remote.Code.Ex                 1
17  JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execut                  1
18  Netcore.Netis.Devices.Hardcoded.Password.Security.Bypa              1
19  Netlink.GPON.Router.formPing.Remote.Command.Injectio                1
20  Seeyon.Office.Anywhere.htmlofficeservlet.Arbitrary.File.Upl         1
21  ThinkPHP.HTTP.VARS.S.Remote.Code.Injection                          1
22  ThinkPHP.Request.Method.Remote.Code.Execution                       1
23  Tongda.Office.Anywhere.Unauthorized.File.Upload                     1

Intrusion Victims

 #  Intrusion Victim    Counts
 1  186.116.7.62           309
 2  186.116.7.61            53
 3  191.76.186.193           7
 4  186.116.7.58             6
 5  181.234.246.193          5
 6  181.134.22.23            4
 7  181.55.240.111           4
 8  190.24.27.65             4
 9  181.136.72.119           2
10  181.62.140.233           2
11  186.84.88.81             2

Intrusion Sources

 #  Intrusion Source    Counts
 1  186.116.86.81          186
 2  103.240.37.254          44
 3  10.80.70.28              7
 4  195.54.160.135           7
 5  10.80.70.157             5
 6  10.80.70.171             5
 7  103.216.216.190          5
 8  113.160.220.181          5
 9  117.102.109.58           5
10  118.70.176.149           5
11  125.160.65.131           5
12  210.193.49.183           5
13  64.225.27.1              5
14  64.225.37.197            5
15  10.80.70.42              4
16  10.80.70.80              4
17  109.94.179.49            4
18  103.214.233.63           3
19  193.118.53.210           3
20  10.80.70.108             2
21  10.80.70.91              2
22  103.119.141.13           2
23  106.250.199.244          2
24  115.79.102.233           2
25  117.6.198.11             2
26  119.152.240.134          2
27  120.29.225.35            2
28  156.215.128.226          2
29  177.37.153.43            2
30  178.68.58.16             2
31  182.74.23.50             2
32  182.76.164.182           2
33  186.167.48.98            2
34  187.8.184.123            2
35  190.106.214.10           2
36  200.123.0.114            2
37  202.60.105.44            2
38  217.25.16.178            2
39  218.173.29.209           2
40  223.206.222.220          2
41  36.83.130.217            2
42  46.24.168.202            2
43  78.174.186.59            2
44  78.30.227.41             2
45  84.18.117.8              2
46  85.139.194.182           2
47  88.225.219.139           2
48  89.169.3.87              2
49  10.80.70.32              1
50  106.225.219.144          1
51  117.4.120.242            1
52  136.232.232.18           1
53  138.121.183.221          1
54  139.255.95.74            1
55  182.53.196.109           1
56  187.202.228.136          1
57  187.237.134.222          1
58  190.141.95.158           1
59  197.248.30.25            1
60  200.11.241.44            1
61  202.62.224.32            1
62  203.156.124.232          1
63  212.8.71.227             1
64  23.102.159.0             1
65  36.109.20.2              1
66  36.92.172.242            1
67  37.106.76.116            1
68  41.33.146.1              1
69  45.238.244.8             1
70  5.21.67.236              1
71  61.178.249.23            1
72  80.156.227.90            1
73  89.221.87.109            1
74  91.203.61.191            1
75  94.102.51.225            1
76  98.187.171.82            1
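Two tables in this report call for follow-up before the rest: Top Destinations by Bandwidth, where 1.6 GB went to a WeTransfer S3 bucket over 18 sessions and 1.3 GB to an AnyDesk relay over 2 sessions, and the Intrusion Sources list above, in which eight 10.80.70.x hosts appear as the source of IPS events. The Python below is an added example, not part of the FortiGate report or of any Fortinet tool. It parses rows copied from those two tables (plus the Top Users by Bandwidth hosts and the one SSL-VPN user with an internal address), flags destinations whose bytes per session exceed a threshold, and cross-references internal IPS sources against the bandwidth and VPN tables. The 50 MB threshold, the 1024-based size units and the subset of Intrusion Sources rows embedded are assumptions of the example.

```python
"""Triage of two tables from a FortiGate daily report.

Sample rows are copied from the report tables; the thresholds and the binary
(1024-based) size units are assumptions of this example, not Fortinet's."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Top Destinations by Bandwidth: name, single bandwidth figure, sessions (as printed).
TOP_DESTINATIONS = """\
apple.com 2.2 GB 986
wetransfer-us-prod-outgoing.s3. 1.6 GB 18
anynet relay 1.3 GB 2
2.tlu.dl.delivery.mp.microsoft. 828.9 MB 1.3 K
etb-medidor.etb.net.co.prod.hos 295.6 MB 14
11.tlu.dl.delivery.mp.microsoft 239.2 MB 279
google.com 143.8 MB 1.7 K
eset.com 132.0 MB 39.0 K
sharepoint.com 126.8 MB 5.0 K
veritas.com 108.3 MB 1.4 K
"""

# Intrusion Sources, subset: the two largest external sources plus every RFC1918 entry.
INTRUSION_SOURCES = """\
1 186.116.86.81 186
2 103.240.37.254 44
3 10.80.70.28 7
4 195.54.160.135 7
5 10.80.70.157 5
6 10.80.70.171 5
15 10.80.70.42 4
16 10.80.70.80 4
20 10.80.70.108 2
21 10.80.70.91 2
49 10.80.70.32 1
"""

# Hosts from Top Users by Bandwidth, and the SSL-VPN user whose tunnel IP is an internal address.
TOP_USERS = {"10.80.70.33", "10.80.70.49", "10.80.70.32", "10.80.70.171", "10.80.70.80",
             "10.80.70.101", "10.80.70.157", "192.168.71.13", "10.80.70.42", "192.168.71.11"}
SSLVPN_BY_IP = {"10.80.70.171": "lgil"}

_UNIT = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# name (may contain spaces), size with unit, session count with optional K suffix
_ROW = re.compile(r"^(?P<name>.+?)\s+(?P<num>[\d.]+)\s+(?P<unit>KB|MB|GB)\s+(?P<sess>[\d.]+)\s*(?P<k>K)?$")


def parse_size(text: str) -> float:
    """'828.9 MB' -> bytes, assuming binary units."""
    num, unit = text.split()
    return float(num) * _UNIT[unit]


def parse_count(text: str) -> int:
    """'1.3 K' -> 1300, '986' -> 986."""
    num, *suffix = text.split()
    return int(round(float(num) * (1000 if suffix == ["K"] else 1)))


def parse_destinations(table: str) -> List[Tuple[str, float, int]]:
    rows = []
    for line in table.splitlines():
        if not line.strip():
            continue
        m = _ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        size = parse_size(f"{m['num']} {m['unit']}")
        sessions = parse_count(f"{m['sess']} {m['k'] or ''}".strip())
        rows.append((m["name"], size, sessions))
    return rows


def bytes_per_session_outliers(rows: List[Tuple[str, float, int]], threshold_mb: float = 50.0) -> List[str]:
    """Destinations moving more than threshold_mb per session, highest ratio first.
    Bulk uploads and remote-control relays have this shape; browsing and update CDNs do not."""
    limit = threshold_mb * 1024 ** 2
    flagged = [(size / sessions, name) for name, size, sessions in rows if size / sessions > limit]
    return [name for _, name in sorted(flagged, reverse=True)]


def parse_sources(table: str) -> Dict[str, int]:
    out: Dict[str, int] = {}
    for line in table.splitlines():
        if line.strip():
            _, ip, count = line.split()
            out[ip] = int(count)
    return out


def internal_sources(sources: Dict[str, int]) -> List[Tuple[str, int]]:
    """IPS events whose source is an RFC1918 address, i.e. traffic that originated inside."""
    internal = [(ip, n) for ip, n in sources.items() if ipaddress.ip_address(ip).is_private]
    return sorted(internal, key=lambda t: (-t[1], t[0]))


def correlate(internal: List[Tuple[str, int]], top_users: set, sslvpn_by_ip: Dict[str, str]) -> List[dict]:
    """Join internal IPS sources with the bandwidth and SSL-VPN tables."""
    return [{"ip": ip, "ips_events": n, "top_bandwidth_user": ip in top_users,
             "sslvpn_user": sslvpn_by_ip.get(ip)} for ip, n in internal]


if __name__ == "__main__":
    print(bytes_per_session_outliers(parse_destinations(TOP_DESTINATIONS)))
    for row in correlate(internal_sources(parse_sources(INTRUSION_SOURCES)), TOP_USERS, SSLVPN_BY_IP):
        print(row)
```

On the rows above this flags anynet relay and wetransfer-us-prod-outgoing.s3. as bulk-transfer outliers and lists eight internal IPS sources, 30 events in total; 10.80.70.171 is both a top bandwidth user and the tunnel address of SSL-VPN user lgil, so it is the first host whose endpoint logs should be pulled.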

Intrusions Blocked

 #  Intrusion Name                                                 Counts
 1  Backdoor.DoublePulsar                                             261
 2  MS.SMB.Server.Trans.Peeking.Data.Information.Disclosur             27
 3  MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.E                19
 4  PHP.Diescan                                                        11
 5  Joomla!.Core.Session.Remote.Code.Execution                          9
 6  vBulletin.Routestring.widgetConfig.Remote.Code.Execution            7
 7  PHP.CGI.Argument.Injection                                          5
 8  ThinkPHP.Controller.Parameter.Remote.Code.Execution                 5
 9  PHPUnit.Eval-stdin.PHP.Remote.Code.Execution                        4
10  PhpStudy.Web.Server.Remote.Code.Execution                           4

Intrusions By Severity

    %    Severity   Occurrence
78.1%    critical          311
17.3%    medium             69
 4.5%    high               18

Intrusion History
[Chart: # of Intrusions by hour, 00:00 to 23:00; y-axis 0 to 70]

VPN Usage

Site-to-Site IPSec Tunnels by Bandwidth
 #  Tunnel     Duration          Bandwidth
 1  SINAPSYS   01d 00h 00m 25s   7.2 MB

Client-to-Site IPSec Tunnels by Bandwidth
 #  User          Tunnel           Duration   Bandwidth
 1  proveedores   VPN_PROVEEDOR    27m 45s    2.7 MB

SSL-VPN Tunnel Users by Bandwidth
 #  User              IP                Bandwidth
 1  apardo            186.85.5.162      2.2 GB
 2  proveedores       190.157.71.215    438.4 MB
 3  msotop            186.155.15.133    279.8 MB
 4  mcastillom        190.130.72.215    168.2 MB
 5  jgarzon           186.84.89.196     129.1 MB
 6  proveedores       190.157.162.252   119.1 MB
 7  proveedores       201.244.141.132   116.0 MB
 8  dlopeza           186.82.188.235    115.5 MB
 9  proveedores       186.147.106.79    63.2 MB
10  proveedores       181.53.12.151     57.6 MB
11  abeltran          186.85.130.72     38.7 MB
12  proveedores       186.83.10.161     28.7 MB
13  roospina          181.50.248.100    27.6 MB
14  bordonez.colex    186.155.13.231    26.9 MB
15  proveedores       186.83.86.201     20.1 MB
16  nquiroga          179.32.130.7      16.6 MB
17  proveedores       190.27.113.81     14.9 MB
18  iarjona           181.52.21.232     14.3 MB
19  acamacho          190.24.27.65      10.6 MB
20  jllarave          186.154.36.189    10.5 MB
21  proveedores       190.24.51.184     9.9 MB
22  anmorales         186.155.19.159    8.3 MB
23  lordonez          186.155.60.100    6.7 MB
24  msotop            186.29.183.155    5.5 MB
25  proveedores       200.69.82.91      4.4 MB
26  proveedores       186.29.121.167    3.7 MB
27  jgalindo          200.119.40.103    3.0 MB
28  lgil              181.134.22.23     2.0 MB
29  lgil              10.80.70.171      62.5 KB

SSL-VPN Web Mode Users by Bandwidth
# User IP Traffic Out Traffic In
No matching log data for this report

Admin Login and System Events

Admin Login Summary
 #  User Name    Login Interface         Total # of Logins   Total # of Configuration Changes   Total Duration
 1  rvelasquez   https(181.62.140.233)                   1                                  1   14m 32s

List of Failed Logins
 #  User Name   Login Interface   # of Failed Logins
No matching log data for this report

System Events
 #  Event Name (Description)                     Severity   Counts
 1  Configuration changed                                        1
 2  SSL Message Authentication Code corrupted                  131
 3  Disk log file deleted                                        4
