Fortigate Daily Security Report: Report Date: 2020-06-02 Data Range: Jun 01, 2020 (FW - Sm01)
Contents
Web Usage (p. 4)
  Top Allowed Websites (p. 4)
  Top Websites by Bandwidth (p. 4)
  Top Blocked Websites (p. 4)
  Top Users by Blocked Requests (p. 4)
  Top Users by Requests (p. 4)
  Top Users by Bandwidth (p. 4)
  Top Video Streaming Web Sites by Bandwidth (p. 4)
Emails (p. 5)
  Top Senders by Number of Emails (p. 5)
  Top Senders by Combined Email Size (p. 5)
  Top Recipients by Number of Emails (p. 5)
  Top Recipients by Combined Email Size (p. 5)
Threats (p. 6)
  Malware Detected (p. 6)
  Malware Victims (p. 6)
  Malware Sources (p. 6)
  Malware History (p. 6)
  Botnet Detected (p. 6)
  Botnet Victims (p. 6)
  Botnet C&C (p. 7)
  Botnet History (p. 7)
  Intrusions Detected (p. 7)
  Intrusion Victims (p. 8)
  Intrusion Sources (p. 8)
  Intrusions Blocked (p. 10)
  Intrusions By Severity (p. 10)
  Intrusion History (p. 11)
Bandwidth and Applications
[Chart: hourly Bandwidth (0 to 5000K) and Number of Sessions (0 to 6000) for Traffic In, 00:00 to 23:00]
Traffic Statistics
Summary Stats
Total Sessions 99.2 K
Total Bytes In: 4.4 GB Out: 3.3 GB
Average Sessions Per Hour 4.1 K
Average Bytes Per Hour In: 186.3 MB Out: 142.5 MB
Most Active Hour By Sessions 2020-06-01 01:00
Total Users 103
Total Applications 101
Total Destinations 601
[Chart: Active Users per hour, 00:00 to 23:00 (y-axis 0 to 45)]
Top Destinations by Bandwidth
Hostname (or IP) Traffic Out Traffic In Sessions
apple.com 2.2 GB 986
wetransfer-us-prod-outgoing.s3. 1.6 GB 18
anynet relay 1.3 GB 2
2.tlu.dl.delivery.mp.microsoft. 828.9 MB 1.3 K
etb-medidor.etb.net.co.prod.hos 295.6 MB 14
11.tlu.dl.delivery.mp.microsoft 239.2 MB 279
google.com 143.8 MB 1.7 K
eset.com 132.0 MB 39.0 K
sharepoint.com 126.8 MB 5.0 K
veritas.com 108.3 MB 1.4 K
Malware Victims
# Victim Occurrence
No matching log data for this report
Malware Sources
# Malware Source Host Name Counts
No matching log data for this report
Malware History
[Chart: # of Viruses per hour, 00:00 to 23:00 (y-axis 0 to 10); no detections plotted]
Botnet Detected
Botnet Victims
# Victim Name Counts
No matching log data for this report
Botnet History
[Chart: # of Botnet events per hour, 00:00 to 23:00 (y-axis 0 to 10); no detections plotted]
Intrusions Detected
# Intrusion Name Counts
1 Backdoor.DoublePulsar 261
2 TCP.Split.Handshake 30
3 MS.SMB.Server.Trans.Peeking.Data.Information.Disclosur 27
4 MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.E 19
5 PHP.Diescan 11
6 Joomla!.Core.Session.Remote.Code.Execution 9
7 vBulletin.Routestring.widgetConfig.Remote.Code.Execution 7
8 PHP.CGI.Argument.Injection 5
9 ThinkPHP.Controller.Parameter.Remote.Code.Execution 5
10 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution 4
11 PhpStudy.Web.Server.Remote.Code.Execution 4
12 HTTP.Unix.Shell.IFS.Remote.Code.Execution 3
13 Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Up 3
14 Apache.Axis2.Default.Password.Access 1
15 D-Link.Devices.HNAP.SOAPAction-Header.Command.Exe 1
16 Drupal.Core.Form.Rendering.Component.Remote.Code.Ex 1
17 JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execut 1
18 Netcore.Netis.Devices.Hardcoded.Password.Security.Bypa 1
19 Netlink.GPON.Router.formPing.Remote.Command.Injectio 1
20 Seeyon.Office.Anywhere.htmlofficeservlet.Arbitrary.File.Upl 1
Intrusion Victims
# Intrusion Victim Counts
1 186.116.7.62 309
2 186.116.7.61 53
3 191.76.186.193 7
4 186.116.7.58 6
5 181.234.246.193 5
6 181.134.22.23 4
7 181.55.240.111 4
8 190.24.27.65 4
9 181.136.72.119 2
10 181.62.140.233 2
11 186.84.88.81 2
Intrusion Sources
# Intrusion Source Counts
1 186.116.86.81 186
2 103.240.37.254 44
3 10.80.70.28 7
4 195.54.160.135 7
5 10.80.70.157 5
6 10.80.70.171 5
7 103.216.216.190 5
8 113.160.220.181 5
9 117.102.109.58 5
10 118.70.176.149 5
11 125.160.65.131 5
12 210.193.49.183 5
13 64.225.27.1 5
14 64.225.37.197 5
15 10.80.70.42 4
16 10.80.70.80 4
17 109.94.179.49 4
18 103.214.233.63 3
19 193.118.53.210 3
20 10.80.70.108 2
21 10.80.70.91 2
Intrusions Blocked
# Intrusion Name Counts
1 Backdoor.DoublePulsar 261
2 MS.SMB.Server.Trans.Peeking.Data.Information.Disclosur 27
3 MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.E 19
4 PHP.Diescan 11
5 Joomla!.Core.Session.Remote.Code.Execution 9
6 vBulletin.Routestring.widgetConfig.Remote.Code.Execution 7
7 PHP.CGI.Argument.Injection 5
8 ThinkPHP.Controller.Parameter.Remote.Code.Execution 5
9 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution 4
10 PhpStudy.Web.Server.Remote.Code.Execution 4
Intrusions By Severity
% Severity Occurrence
78.1% critical 311
17.3% medium 69
4.5% high 18
Intrusion History
[Chart: intrusions per hour (y-axis 0 to 70); only the 00:00 to 07:00 hour labels survive in this extract]
VPN Usage
Site-to-Site IPSec Tunnels by Bandwidth
# Tunnel Duration Traffic Out Traffic In
1 SINAPSYS 01d 00h 00m 25s 7.2 MB
System Events
# Event Name (Description) Severity Counts
1 Configuration changed 1