
Device: OT09419_FWSAS_Tecno-Eficientes-(FGT60E4Q..., VDom: root
2020-12-29 00:00 - 2020-12-30 00:00 America/Mexico_City

Summary Report

Threat Analysis
Top Threats
Threat Category Level Score %
Failed Connection Attempt Firewall Control Low 494230 95.2%
Blocked Connection Attempts Firewall Control High 24750 4.8%
Malware_Generic.P0 Malware Critical 250 0.0%
PHP/Agent.NHI!tr Malware Critical 50 0.0%
PHP/Rst.CO!tr.bdr Malware Critical 50 0.0%
udp_flood Anomaly Critical 50 0.0%
Total: 519380

Top Viruses
Virus Incidents %
Malware_Generic.P0-http 5 71.4%
PHP/Agent.NHI!tr-http 1 14.3%
PHP/Rst.CO!tr.bdr-http 1 14.3%
Total: 7

Top Virus Victims


Victim Incidents %
192.168.58.166 7 100.0%
Total: 7

Top Attacks
No Data

Top Attack Victims


No Data

Top Spam by Source IP


No Data

Top Data Leak by Rules


No Data


Top Data Leak by Source


No Data


Traffic Analysis
Traffic Trend

[Figure: Traffic Trend. Y axis: Traffic (MB), 0 to 1,600; X axis: hour of day (00 to 23), 2020-12-29 00:00 -- 2020-12-30 00:00]

Top Application Categories

unscanned = 25.2 GB(100%)

Top Applications
Application Traffic(Sent/Received) % Session %
https 600.6 MB / 17.4 GB 71.3% 163314 20.5%
tcp 389.4 MB / 3.8 GB 16.8% 191645 24.0%
rdp 847.9 MB / 407.4 MB 4.9% 185380 23.3%
http 203.1 MB / 646.1 MB 3.3% 34314 4.3%
udp 672.9 MB / 120.5 MB 3.1% 63584 8.0%
smtp 50.1 MB / 1.1 MB 0.2% 1031 0.1%
ms-sql 24 MB / 23.8 MB 0.2% 49010 6.1%
smtps 32.6 MB / 2.2 MB 0.1% 7196 0.9%
ssh 11.2 MB / 16.9 MB 0.1% 15711 2.0%
dns 5.6 MB / 11.8 MB 0.1% 74483 9.3%
gopher 2.9 MB / 2.8 MB 0.0% 541 0.1%
ping 505 KB / 505 KB 0.0% 927 0.1%
ntp 506 KB / 504 KB 0.0% 6797 0.9%
pop3s 62 KB / 432 KB 0.0% 51 0.0%
408 KB / 44 KB 0.0% 1120 0.1%
x


mysql 85 KB / 93 KB 0.0% 253 0.0%


ftp 50 KB / 92 KB 0.0% 202 0.0%
smb 33 KB / 52 KB 0.0% 514 0.1%
vdolive 22 KB / 15 KB 0.0% 377 0.0%
sip 32 KB / 1 KB 0.0% 88 0.0%
Other 50 KB / 47 KB 0.0% 579 0.1%
Total: 2.8 GB / 22.5 GB Total: 797117


Top Applications Categories and Applications


Application Category % Application % Traffic
unscanned 100% https 71.3% 600.6 MB/17.4 GB
tcp 16.8% 389.4 MB/3.8 GB
rdp 4.9% 847.9 MB/407.4 MB
http 3.3% 203.1 MB/646.1 MB
udp 3.1% 672.9 MB/120.5 MB
Other 0.7% 128.1 MB/60.3 MB
Total: 2.8 GB/22.5 GB


Top Source
Source Traffic(Sent/Received) % Session %
200.55.140.135 46.4 MB / 2.2 GB 10.4% 282 0.0%
189.249.46.174 24 MB / 1.1 GB 5.1% 1879 0.3%
192.168.58.10 588.4 MB / 340.3 MB 4.3% 5069 0.9%
192.168.58.174 685.4 MB / 55.3 MB 3.4% 153584 27.2%
187.189.123.8 5.2 MB / 491.6 MB 2.3% 653 0.1%
189.240.29.241 5.9 MB / 375.3 MB 1.8% 1020 0.2%
189.203.89.35 6.9 MB / 346.6 MB 1.6% 422 0.1%
189.254.19.50 8.3 MB / 325.8 MB 1.5% 1661 0.3%
200.76.203.74 11.7 MB / 303.7 MB 1.4% 341 0.1%
189.216.66.243 5.1 MB / 303.4 MB 1.4% 653 0.1%
192.168.58.195 13.4 MB / 233.7 MB 1.1% 7025 1.2%
189.180.110.56 3.9 MB / 235.1 MB 1.1% 577 0.1%
189.146.166.139 10.2 MB / 206.8 MB 1.0% 405 0.1%
192.168.58.170 17 MB / 184.8 MB 0.9% 1339 0.2%
189.249.181.204 2.3 MB / 197 MB 0.9% 730 0.1%
52.160.92.112 44.8 MB / 133.3 MB 0.8% 8949 1.6%
138.201.61.158 1.5 MB / 171.3 MB 0.8% 235 0.0%
201.162.227.135 5.7 MB / 160.8 MB 0.8% 1023 0.2%
148.251.38.181 1.1 MB / 165.1 MB 0.8% 157 0.0%
201.108.165.154 7.3 MB / 153.5 MB 0.7% 1449 0.3%
Other 1 GB / 11.3 GB 57.9% 377106 66.8%
Total: 2.5 GB / 18.8 GB Total: 564559


Top Sources and Applications


Source % Application % Traffic
200.55.140.135 10.4% https 100% 46.4 MB/2.2 GB


189.249.46.174 5.1% https 100% 24 MB/1.1 GB


192.168.58.10 4.3% rdp 64.2% 544.2 MB/52.3 MB
https 26.0% 15 MB/226.3 MB
udp 7.4% 27.2 MB/41.4 MB
tcp 2.1% 1.2 MB/18.5 MB
ping 0.1% 430 KB/430 KB
Other 0.2% 458 KB/1.3 MB
192.168.58.174 3.4% udp 90.7% 634 MB/37.8 MB
tcp 8.1% 48.8 MB/10.9 MB
https 0.7% 1.8 MB/3.7 MB
http 0.4% 134 KB/2.5 MB
x-windows 0.1% 407 KB/43 KB
Other 0.1% 262 KB/340 KB
187.189.123.8 2.3% https 100% 5.2 MB/491.6 MB
189.240.29.241 1.8% https 100% 5.9 MB/375.3 MB
189.203.89.35 1.6% https 100% 6.9 MB/346.6 MB
189.254.19.50 1.5% tcp 100% 8.3 MB/325.8 MB
200.76.203.74 1.4% tcp 100% 11.7 MB/303.7 MB
189.216.66.243 1.4% https 100% 5.1 MB/303.4 MB
Other 66.8% 1.1 GB/13.1 GB
Total: 2.5 GB/18.8 GB


Top Destination
Destination Traffic(Sent/Received) % Session %
200.66.74.167 754.5 MB / 17.1 GB 70.8% 264223 38.2%
200.66.74.166 110.5 MB / 2.4 GB 9.8% 28553 4.1%
200.66.74.165 195.6 MB / 1.5 GB 6.7% 58759 8.5%
201.141.10.63 579.1 MB / 10.4 MB 2.3% 5 0.0%
192.168.58.21 506.8 MB / 34.7 MB 2.1% 69 0.0%
201.149.62.230 174.8 MB / 187.1 MB 1.4% 141997 20.5%
201.151.206.20 4.3 MB / 188.8 MB 0.7% 1810 0.3%
192.168.58.152 10.2 MB / 152.8 MB 0.6% 1037 0.1%
201.149.62.225 23 MB / 126.3 MB 0.6% 37590 5.4%
216.144.253.178 12.3 MB / 93.9 MB 0.4% 24 0.0%
158.176.86.6 52.7 MB / 45.1 MB 0.4% 14 0.0%
65.9.115.64 10 MB / 84.4 MB 0.4% 163 0.0%
189.131.146.63 26.9 MB / 40.9 MB 0.3% 6 0.0%
192.168.58.185 37.5 MB / 18 MB 0.2% 6 0.0%
216.70.115.177 49.1 MB / 1.2 MB 0.2% 451 0.1%
173.247.255.190 221 KB / 49.1 MB 0.2% 11 0.0%
74.125.170.9 310 KB / 43.9 MB 0.2% 6 0.0%
54.230.30.73 2.9 MB / 37.3 MB 0.2% 102 0.0%
13.249.22.165 6.4 MB / 25.6 MB 0.1% 3745 0.5%
178.33.162.26 30.7 MB / 759 KB 0.1% 8 0.0%
Other 234.5 MB / 361.6 MB 2.3% 153272 22.2%
Total: 2.8 GB / 22.4 GB Total: 691851


Traffic by To Country


Mexico = 11.2 GB(44.5%)
United States = 4.2 GB(16.5%)
Cuba = 2.2 GB(8.6%)
Germany = 2.1 GB(8.4%)
Internal Network = 1.7 GB(6.8%)
Other = 3.8 GB(15.2%)


Web Activities
Most Visited Web Categories
No Data

Most Visited Websites


No Data

Most Active Web Users


No Data

Most Visited Web Sites by Most Active Users


No Data


VPN Analysis
VPN Bandwidth Usage Trend

[Figure: VPN Bandwidth Usage Trend. Y axis: Traffic (MB), 0 to 600; X axis: hour of day (00 to 23), 2020-12-29 00:00 -- 2020-12-30 00:00]

Top Site to Site Tunnels by Bandwidth Usage


VPN Tunnel Traffic
TT253122_2 2.5 MB


Top SSL and Dialup Users by Bandwidth Usage


User Tunnel Type Total Duration Traffic
e.olvera ipsec 2h 26m 48s 744.2 MB
m.amimas ipsec 2h 19m 28s 136.8 MB
idom ipsec 24m 40s 128 MB
m.amimas ipsec 30m 11s 36.9 MB
m.osorio ipsec 00m 10s 44.6 KB


System Activity
Admin Session Summary
No Data

Failed Admin Login Summary


No Data
