
Application and Risk Analysis

Report Date: April 28, 2023 11:24
Data Range: 2023-01-01 00:00:00 to 2023-04-28 00:00:00 CLT (FAZ local)

Fortinet Inc. All rights reserved. Created on: April 28, 2023 11:24
Table of Contents

Application Control and Assessing Risks 3
  Application Visibility is Critical 3
  Complete Content Protection 3
  Backed by FortiGuard 3
Top Application Users By Bandwidth 4
  Top Users By Bandwidth 4
Top Application Users By Sessions 5
  Top User Sources By Sessions 5
Client Reputation 6
  Top Users By Reputation Scores 6
  Top Devices By Reputation Scores 6
Application Usage By Category 7
  Top 10 Application Categories by Bandwidth Usage 7
  Application Categories By Bandwidth Usage 7
Applications Detected by Risk Behavior 8
  Number of Applications by Risk Behavior 8
  High Risk Applications 8
Key Applications Crossing The Network 9
  Key Applications Crossing The Network 9
Applications Running Over HTTP 10
  Top Applications Running Over HTTP 10
Top Web Categories Visited By Network Users 11
  Top Web Categories By Sessions 11
  Top Web Categories By Sessions/Bandwidth 11
Top Web Sites Visited By Network Users 12
  Top Web Domains By Visits 12
Top Destination Countries By Browsing Time 13
  Top Destination Countries By Browsing Time 13
Top Web Sites By Browsing Time 14
  Top Web Sites By Browsing Time 14
Top Threats Crossing The Network 15
  Top Threat Crossing The Network 15
  Top Critical Threats Crossing The Network 15
  Top High Threats Crossing The Network 16
  Top Medium Threats Crossing The Network 16
  Top Low Threats Crossing The Network 17
  Top Info Threats Crossing The Network 17
Top 20 Viruses Crossing The Network 18
  Top Viruses By Name 18
Top Virus Victims 19
  Top Virus Victims 19
  Malware Discovered 19
  Application Vulnerabilities Discovered 19
Data Loss Prevention Events 20
  Top Data Loss Prevention Events 20
Application and Risk Analysis (by aaguayo) - FortiAnalyzer Host Name: FAZ200D page 1 of 21
Appendix A 21
Devices 21

Application Control and Assessing Risks
Application Visibility is Critical

Application control provides granular policy enforcement of application traffic, even with the multitude of traffic using HTTP, which traditional firewalls and security gateways cannot distinguish. It includes the ability to identify more applications than any other vendor in the market, and to selectively block application behavior to minimize the risk of data loss or network compromise.

Complete Content Protection

Assessing network risks requires complete content protection, which is more than simply identifying applications and allowing or denying traffic. It is application control coupled with identity-based policy enforcement of all content. It enables organizations to utilize all the security and networking technologies included in the FortiGate platforms, such as access control, traffic shaping, IPS, DLP, and antivirus/antispyware. Complete content protection continuously protects networks against malicious content hidden within applications and data, even from trusted applications from trusted sources.

Backed by FortiGuard

Fortinet has been giving its customers the ability to deploy application-based security since FortiOS 3.0, enabling them to detect and manage applications independent of port or protocol. FortiGuard is the culmination of years' worth of security research. New applications and potential threats are identified daily to keep your network up to speed.

Top Application Users By Bandwidth
This chart lists the users who generate the most network traffic by bandwidth. It helps the network manager identify users who may be abusing the network or creating traffic that does not comply with internal security policies. The following table lists the top 20 users by bandwidth usage. Rows shown by IP address alone (including the two largest, 10.10.0.250 and 10.10.0.243) are sources with no resolved user identity; map those addresses to a host before attributing the traffic to a person.

Top Users By Bandwidth


# User (or IP) Source IP Bandwidth (total; the Sent/Received split is not reproduced)
1 10.10.0.250 10.10.0.250 653.80 GB
2 dcorrea 172.16.41.29 582.20 GB
3 10.10.0.243 10.10.0.243 559.89 GB
4 jarancib 172.16.41.39 437.06 GB
5 mquenpul 172.16.41.38 381.23 GB
6 esierra 172.16.42.28 347.24 GB
7 172.16.79.49 172.16.79.49 299.55 GB
8 aaguayo 172.16.41.75 290.77 GB
9 fmartine 172.16.41.41 252.49 GB
10 osuah 172.16.45.65 244.98 GB
11 172.16.47.73 172.16.47.73 238.83 GB
12 soporte 172.16.41.59 202.30 GB
13 rapablaza 172.16.42.33 200.37 GB
14 172.16.47.33 172.16.47.33 188.05 GB
15 172.16.47.35 172.16.47.35 184.92 GB
16 172.16.47.170 172.16.47.170 180.32 GB
17 172.16.41.53 172.16.41.53 179.79 GB
18 172.16.47.44 172.16.47.44 152.10 GB
19 mluco 172.16.49.22 145.21 GB
20 172.16.47.81 172.16.47.81 142.59 GB

Top Application Users By Sessions
The Top Users By Sessions section shows which network users open the highest number of connections. This is a critical value because some users may open many more sessions than they are supposed to. The top entry, 172.16.8.140 at 31.4 million sessions, carries the same reputation score (4,034,560) as the device "Server 00:50:56:a2:7e:84" in the next section, so it is a server rather than an interactive user; the same host-to-user mapping should be done for the other IP-only rows before drawing conclusions about user behaviour. Statistics on the number of sessions a user has opened and the memory consumed by those sessions are recorded on the FortiGate. The following table lists the top 20 users by number of sessions.

Top User Sources By Sessions


# User (or IP) Source IP Sessions
1 172.16.8.140 172.16.8.140 31,398,759
2 172.16.10.188 172.16.10.188 12,748,645
3 172.16.79.51 172.16.79.51 8,742,252
4 adm_rparraguez 172.16.8.71 8,289,960
5 172.16.8.135 172.16.8.135 6,210,274
6 172.16.41.53 172.16.41.53 5,368,240
7 10.10.0.4 10.10.0.4 2,534,772
8 172.16.8.112 172.16.8.112 1,856,037
9 192.168.200.13 192.168.200.13 1,768,514
10 mquenpul 172.16.41.38 1,401,828
11 cahumada 172.16.44.64 1,392,545
12 crolivares 172.16.43.40 1,362,735
13 aaguayo 172.16.41.75 1,281,832
14 fpressac 172.16.46.44 1,249,057
15 dcorrea 172.16.41.29 1,242,767
16 mapino 172.16.42.22 1,179,226
17 edleyton 172.16.44.59 1,149,311
18 mbarrera 172.16.44.29 1,114,415
19 10.25.1.161 10.25.1.161 1,088,905
20 mrodrigu 172.16.46.42 987,436

Client Reputation
The security scan types available on FortiGate units are varied and tailored to detect specific attacks. However, user or client behavior can itself increase the risk of attack or infection. For example, if one network client receives email viruses on a daily basis while no other client receives such attachments, extra measures may be required to protect that client, or a discussion with the user may be worthwhile. Before you can decide on a course of action, you need to know the problem is occurring. Client reputation provides this information by tracking client behavior and reporting on activities that you define as risky or otherwise noteworthy. In the two tables below, the device entries share their scores with the unauthenticated user entries, which identifies the hosts: 172.16.79.51 (7,450,550) is the printer laser-uah and 172.16.8.140 (4,034,560) is the server with the VMware-assigned MAC 00:50:56:a2:7e:84. A printer ranking third by reputation score, ahead of every workstation, is itself a finding and warrants a look at what that host is sending.

Top Users By Reputation Scores


# User (or IP) Scores
1 soporte 25,206,455
2 labingles 9,100,630
3 172.16.79.51 7,450,550
4 172.16.8.140 4,034,560
5 mbarrera 3,321,605
6 edleyton 2,784,100
7 xipoblete 2,781,940
8 172.16.162.110 2,515,205
9 jneira 2,507,885
10 mnorambuen 2,377,345

Top Devices By Reputation Scores


# Device Scores
1 Printer laser-uah 7,450,550
2 Server 00:50:56:a2:7e:84 4,034,560
3 DESKTOP-EO9BM8V 3,388,740
4 mbarrera 3,321,605
5 EDLEYTON2022.corporativo.uahurtado.cl 2,784,100
6 xipoblete.corporativo.uahurtado.cl 2,781,940
7 JNEIRA002-PC 2,507,885
8 mnorambuen.corporativo.uahurtado.cl 2,377,345
9 DESKTOP-ABHE59V 2,325,675
10 MRODRIGU-2022.corporativo.uahurtado.cl 2,264,590

Application Usage By Category
As part of the traffic classification process, the FortiGate identifies and categorizes the applications crossing the network into different categories based on the number of sessions and bandwidth. This data complements the granular application threat data and provides a more complete summary of the types of applications in use on the network.

Top 10 Application Categories by Bandwidth Usage

21.42% Network.Service (7.09 TB)
18.32% Update (6.07 TB)
16.08% Collaboration (5.32 TB)
12.52% General.Interest (4.14 TB)
9.75% Web.Client (3.23 TB)
7.44% Storage.Backup (2.46 TB)
5.23% Video/Audio (1.73 TB)
2.86% Social.Media (969.77 GB)
2.58% Unknown (875.63 GB)
2.58% Email (874.42 GB)
1.22% Others (414.89 GB)

Application Categories By Bandwidth Usage


# Application Category Bandwidth
1 Network.Service 7.05 TB
2 Update 6.01 TB
3 Collaboration 5.30 TB
4 General.Interest 4.12 TB
5 Web.Client 3.20 TB
6 Storage.Backup 2.45 TB
7 Video/Audio 1.71 TB
8 Social.Media 967.16 GB
9 Unknown 871.63 GB
10 Email 871.34 GB
11 Game 145.47 GB
12 Cloud.IT 142.67 GB
13 P2P 94.51 GB
14 Business 16.93 GB
15 Remote.Access 14.13 GB
16 Mobile 181.02 MB
17 VoIP 132.13 MB
18 Proxy 32.95 MB

Applications Detected by Risk Behavior
Modern security organizations need increasingly complex security processes in place to handle the myriad applications in use on the network and in the data center. The problem is determining which applications in your environment are most likely to cause harm. The following charts provide a breakdown of the high risk applications identified on the network. FortiGuard Labs has determined that these applications represent possible vectors for data compromise, network intrusion, or a reduction in network performance. Note that nearly every entry in the High Risk Applications table is a VPN or proxy client, and several show only kilobytes or 0 B over tens or hundreds of sessions; that is the profile of repeated connection attempts that carried no payload (for example attempts blocked by application control) rather than established tunnels. Check the action recorded in the application control log for each entry before treating it as an active exfiltration channel.

Number of Applications by Risk Behavior

# Risk Behavior Sessions Percentage
1 Tunneling 48,617 3.32%
2 Evasive 6,583 0.45%
3 Excessive-Bandwidth 25 0.00%
4 Excessive-Bandwidth 1,408,496 96.23%

The report labels this column "Number of Applications", but the figures are session counts: the Evasive value (6,583) is exactly the sum of the sessions of the six applications tagged "Evasive,Tunneling" in the table below (3,387 + 1,647 + 593 + 585 + 302 + 69), and the Excessive-Bandwidth value (25) matches the Monero miner's sessions. A session whose application carries two behaviors is counted under each of them, so the rows overlap. The fourth row repeats the Excessive-Bandwidth label as printed in the report; by the percentages it is the remaining 96.23% of sessions that matched none of the three behaviors above.

High Risk Applications

# Risk Application Name Category Technology Bandwidth Sessions
1 Tunneling Proxy.HTTP Proxy Network-Protocol 12.29 MB 20,170
2 Tunneling Cloudflare.1.1.1.1.VPN Proxy Client-Server 7.00 MB 13,126
3 Tunneling CyberGhost.VPN Proxy Client-Server 2.37 MB 3,546
4 Evasive,Tunneling Hola.Unblocker Proxy Client-Server 1.96 MB 3,387
5 Tunneling SurfEasy.VPN Proxy Client-Server 0 B 3,027
6 Evasive,Tunneling Ultrasurf_9.6+ Proxy Client-Server 1.09 MB 1,647
7 Tunneling Touch.VPN Proxy Client-Server 10.94 KB 685
8 Evasive,Tunneling Psiphon Proxy Client-Server 2.96 MB 593
9 Evasive,Tunneling Freegate.Searching Proxy Client-Server 29.71 KB 585
10 Tunneling Surfshark.VPN Proxy Client-Server 333.42 KB 466
11 Tunneling X-VPN Proxy Client-Server 268.94 KB 355
12 Evasive,Tunneling Tor Proxy Client-Server 471.94 KB 302
13 Tunneling Opera.VPN Proxy Client-Server 162.72 KB 222
14 Tunneling Turbo.VPN Proxy Client-Server 27.76 KB 144
15 Tunneling WindScribe Proxy Client-Server 0 B 122
16 Evasive,Tunneling Hotspot.Shield Proxy Client-Server 86.80 KB 69
17 Tunneling WireGuard Proxy Client-Server 48.74 KB 65
18 Tunneling Hamachi Proxy Client-Server 0 B 46
19 Tunneling TunnelBear Proxy Client-Server 23.29 KB 34
20 Excessive-Bandwidth Monero.Cryptocurrency.Miner General.Interest Client-Server 1.85 MB 25

Key Applications Crossing The Network
This part of the PoC Security Report offers a summary of the key applications crossing the network based on the
amount of bandwidth they are using and then sorted into different application types. It provides a high level view of
the types of application that are used most commonly across the network.

Key Applications Crossing The Network


# Application Category Sessions Bandwidth
1 QUIC Network.Service 21,131,038 5.47 TB
2 Microsoft.Windows.Update Update 4,918,447 5.03 TB
3 HTTPS.BROWSER Web.Client 20,385,400 2.81 TB
4 Google.Services General.Interest 6,392,296 1.52 TB
5 Adobe.Web General.Interest 325,160 1.48 TB
6 OneDrive Storage.Backup 357,008 1.04 TB
7 Microsoft.Office.Online Collaboration 2,959,473 976.98 GB
8 Skype_Video Collaboration 2,567 944.08 GB
9 Dropbox Storage.Backup 701,068 825.06 GB
10 Microsoft.SharePoint Collaboration 1,017,675 777.28 GB
11 Facebook Social.Media 1,322,346 695.94 GB
12 Microsoft.Portal Collaboration 9,017,440 614.00 GB
13 udp/443 Unknown 220,526 528.69 GB
14 Microsoft.Outlook.Office.365 Email 2,644,515 512.55 GB
15 Microsoft.Office.365.Portal Collaboration 1,698,151 368.04 GB
16 SSL Network.Service 1,121,964 360.45 GB
17 Zoom Collaboration 60,345 348.67 GB
18 YouTube Video/Audio 556,937 339.05 GB
19 TikTok Video/Audio 651,384 313.03 GB
20 Twitch Video/Audio 50,875 285.35 GB
21 Netflix Video/Audio 62,147 264.66 GB
22 Google-Web Unknown 116,098 231.63 GB
23 Apple.Services General.Interest 627,406 229.40 GB
24 Spotify Video/Audio 307,616 169.69 GB
25 Gmail Email 964,249 169.35 GB
26 Apple.Store General.Interest 225,882 164.85 GB
27 STUN Network.Service 88,525 164.85 GB
28 Microsoft.Teams Collaboration 2,334,466 150.04 GB
29 WhatsApp Collaboration 862,440 126.65 GB
30 Steam Game 23,168 105.27 GB

Applications Running Over HTTP
This section provides an overview of applications crossing the network that use HTTP. Software updates, error reporting and help guides are used by different business applications as a means of improving the overall user experience. Social networks, streaming video or audio and file sharing are among the most common non-business applications that use HTTP. Assessing the number and type of applications that use HTTP is a critical part of developing an efficient network security strategy. The table includes HTTPS.BROWSER, HTTPS and SSL, that is, TLS-encrypted sessions whose only visible attributes are the destination and the server certificate; unless the policy applies SSL/TLS deep inspection, the content of those sessions is not seen by antivirus, IPS or DLP. Google.Services appears twice (rows 6 and 14) as printed in the report.

Top Applications Running Over HTTP


# Application Sessions Bandwidth
1 Microsoft.Windows.Update 1,804,167 4.77 TB
2 HTTPS.BROWSER 18,320,536 2.38 TB
3 HTTPS 25,565,832 1.46 TB
4 Adobe.Web 254,959 1.14 TB
5 HTTP 7,372,521 1.07 TB
6 Google.Services 960,391 871.69 GB
7 OneDrive 280,301 854.52 GB
8 Microsoft.Office.Online 2,383,451 777.17 GB
9 Dropbox 555,830 656.03 GB
10 Microsoft.SharePoint 823,199 646.65 GB
11 Microsoft.Portal 6,916,994 504.46 GB
12 Microsoft.Outlook.Office.365 2,168,783 421.23 GB
13 YouTube 448,151 278.57 GB
14 Google.Services 3,988,459 277.32 GB
15 SSL 902,214 254.88 GB
16 Microsoft.Office.365.Portal 70,748 243.69 GB
17 Twitch 41,821 242.34 GB
18 TikTok 491,786 236.35 GB
19 Netflix 49,204 204.02 GB
20 Apple.Store 173,737 130.59 GB
21 Spotify 222,280 130.38 GB
22 Apple.Services 430,895 128.39 GB
23 Facebook 774,716 120.47 GB
24 Gmail 438,883 120.32 GB
25 Microsoft.Teams 1,844,834 102.31 GB

Top Web Categories Visited By Network Users
User browsing habits can not only be indicative of inefficient use of corporate resources, but can also indicate poorly tuned web filtering policies. They can also give some insight into the general web browsing habits of corporate users and assist in defining corporate compliance guidelines. This chart details web categories by the number of times URLs within those categories were requested and by the amount of bandwidth used.

Top Web Categories By Sessions

42.49% Proxy Avoidance (239,062)
25.92% Unrated (145,845)
14.17% Hacking (79,727)
8.52% Phishing (47,912)
4.92% Dating (27,700)
1.78% Malicious Websites (9,997)
0.55% Spam URLs (3,116)
0.53% Other Adult Materials (2,965)
0.42% Pornography (2,361)
0.40% Newly Registered Domain (2,266)
0.31% Others (1,719)

Top Web Categories By Sessions/Bandwidth


# Category Description Sessions Bandwidth
1 Proxy Avoidance 239,062 1.13 GB
2 Unrated 145,845 4.63 GB
3 Hacking 79,727 402.73 MB
4 Phishing 47,912 275.38 MB
5 Dating 27,700 167.04 MB
6 Malicious Websites 9,997 52.51 MB
7 Spam URLs 3,116 15.70 MB
8 Other Adult Materials 2,965 26.68 MB
9 Pornography 2,361 13.72 MB
10 Newly Registered Domain 2,266 24.79 MB
11 Newly Observed Domain 739 103.06 MB
12 Alcohol 492 88.70 MB
13 Advocacy Organizations 268 4.08 MB
14 Weapons (Sales) 56 248.36 KB
15 Lingerie and Swimsuit 54 294.53 KB
16 Dynamic DNS 43 252.96 KB
17 Alternative Beliefs 30 178.25 KB
18 Abortion 14 53.25 KB
19 Marijuana 13 81.57 KB
20 Sports Hunting and War Games 9 51.74 KB

Top Web Sites Visited By Network Users
Identifying and managing the top URLs visited by network users provides greater visibility and control, and consequently better network security. By leveraging Fortinet threat prevention, application control and URL filter technologies, the volume of web sites by category can be reviewed and strategies put in place to prevent users from accessing sites considered a risk to overall network security. Read the Proxy Avoidance figures with care: the two largest domains in that category, doh.dns.apple.com and mask-h2.icloud.com, are Apple's encrypted DNS endpoint and the iCloud Private Relay proxy, which iPhones and Macs contact on their own, so most of the 239,062 Proxy Avoidance sessions reflect stock Apple device behaviour rather than users deliberately evading the filter. api.itopvpn.com (row 11), by contrast, is a VPN client and belongs with the tunneling applications listed earlier.

Top Web Domains By Visits


# Domain Category Visits
1 doh.dns.apple.com Proxy Avoidance 200,988
2 3.217.17.36 Unrated 115,725
3 trendlavida.com Phishing 28,651
4 youradexchange.com Hacking 15,815
5 mask-h2.icloud.com Proxy Avoidance 12,762
6 publpush.com Hacking 11,569
7 cdns.grindr.com Dating 7,794
8 d.langhort.com Hacking 7,503
9 presence.grindr.com Dating 6,339
10 bdadvisors.ma Phishing 4,901
11 api.itopvpn.com Proxy Avoidance 4,312
12 api.gotinder.com Dating 3,947
13 images-ssl.gotinder.com Dating 3,469
14 stonkstime.com Hacking 3,346
15 supapush.net Hacking 3,063
16 pepepush.net Hacking 2,981
17 omnatuor.com Hacking 2,768
18 g0push.com Hacking 2,263
19 oaphoace.net Hacking 2,072
20 gfs302n111.userstorage.mega.co.nz Malicious Websites 2,059

Top Destination Countries By Browsing Time
The following chart shows the distribution of web traffic by destination country. It lets the network administrator see which countries' web sites are visited for the longest time, and then decide whether to create security policies based on geolocation.

Top Destination Countries By Browsing Time


# Destination Country/Region Browsing Time (hh:mm:ss) Bandwidth
1 United States 148:36:52 1.99 GB
2 Netherlands 29:50:31 2.14 GB
3 Chile 18:54:26 476.51 MB
4 India 05:10:34 9.36 MB
5 Singapore 04:15:42 2.26 MB
6 Brazil 03:36:37 16.92 MB
7 Ireland 03:21:40 1.73 MB
8 Germany 02:58:55 37.83 MB
9 Russian Federation 02:16:59 2.52 MB
10 France 00:40:11 3.32 MB
11 Japan 00:32:42 6.63 MB
12 United Kingdom 00:25:32 8.29 MB
13 Spain 00:19:22 4.82 MB
14 Korea, Republic of 00:16:55 154.74 KB
15 Finland 00:14:21 1.03 MB

Top Web Sites By Browsing Time
The following chart shows the web sites that users visit for the longest time. The administrator can then decide to create security policies to restrict or block access to those sites, according to internal corporate policy. A bare IP address at the top of a browsing-time list (3.217.17.36, 73 hours, also the second most visited "Unrated" entry in the domain table) is worth identifying: traffic to an unnamed, unrated host is exactly what the web filter cannot judge.

Top Web Sites By Browsing Time


# Website Browsing Time (hh:mm:ss) Bandwidth
1 3.217.17.36 73:13:56 129.15 MB
2 searchgpt-app.com 15:24:26 1.37 MB
3 190.153.243.45 14:32:09 22.17 MB
4 hewalleges.guru 12:09:37 9.77 MB
5 spritzawapuhi.guru 06:45:05 8.41 MB
6 makeemviral1.com 05:35:59 703.89 KB
7 videogamewatch133.com 04:48:01 844.66 KB
8 getottsites.info 04:17:31 8.62 MB
9 api.fsnservice.com 03:21:59 10.86 MB
10 hazanuttriazo.life 03:17:38 3.67 MB
11 ipm.adblock.dev 02:43:08 1.04 MB
12 64.233.186.192 02:06:20 11.48 MB
13 xx.foetorsnudisms.com 02:05:41 3.76 MB
14 moderningvigil.org 01:54:06 557.56 KB
15 extratools.org 01:50:56 231.52 KB

Top Threats Crossing The Network
By reviewing both the applications and the traffic flows crossing the network, threat vector identification and prevention become easier. Threat prevention technologies filter the total number of applications and traffic crossing the network down to those applications or packets that pose a potential risk, picking up threat vectors such as spyware, application vulnerabilities or viruses. The result is improved overall network performance and lower network latency.

Top Threat Crossing The Network

82.29% Critical (123,155)
8.85% High (13,245)
5.30% Low (7,936)
3.56% Medium (5,328)

The critical share needs a caveat: its three largest entries (ip_dst_session, udp_flood and udp_dst_session, about 116,000 of the 123,155 critical events) are DoS-policy anomaly counters that fire when a per-destination session or packet rate threshold is exceeded. They are rate-based, not matches of an exploit signature, so the severity breakdown above is dominated by thresholds; the exploit signatures that follow them in the table (ThinkPHP, PHPUnit, HTTP.sys and the router command-injection entries) are the events to triage against the hosts that received them.
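As an added example, not part of the FortiAnalyzer report, the following Python script shows how the two kinds of figure used in this report, sessions per application risk behavior and threat events per severity, are derived from raw FortiGate UTM logs. The log lines are constructed for the example (documentation-range addresses, arbitrary byte counts); the field names are standard FortiOS log keys, but the BEHAVIORS lookup is a stand-in for the FortiGuard application metadata that supplies risk behaviors in the product, since behaviors are not a log field. It also separates DoS-policy anomaly events (subtype="anomaly") from IPS signature matches (subtype="ips"), the distinction that matters when reading the critical-severity count above.

```python
import re
from collections import defaultdict

# FortiGate log lines are space-separated key=value pairs; values that contain
# spaces are double-quoted. The keys used below (type, subtype, app, sentbyte,
# rcvdbyte, severity, attack, attackid, ref) are standard FortiOS log fields.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(line: str) -> dict:
    """Parse one FortiGate key=value log line into a dict, stripping quotes."""
    return {k: (v[1:-1] if v.startswith('"') else v) for k, v in _KV.findall(line)}


# Constructed sample logs (app-ctrl, ips and anomaly subtypes), not taken from
# the report. Addresses are documentation ranges; byte counts are arbitrary.
LOGS = """\
date=2023-04-26 time=10:00:01 type="utm" subtype="app-ctrl" eventtype="signature" srcip=10.0.0.21 user="alice" app="Tor" appcat="Proxy" apprisk="critical" action="block" sentbyte=1200 rcvdbyte=0
date=2023-04-26 time=10:00:02 type="utm" subtype="app-ctrl" eventtype="signature" srcip=10.0.0.21 user="alice" app="Tor" appcat="Proxy" apprisk="critical" action="block" sentbyte=1100 rcvdbyte=0
date=2023-04-26 time=10:00:03 type="utm" subtype="app-ctrl" eventtype="signature" srcip=10.0.0.22 user="bob" app="Proxy.HTTP" appcat="Proxy" apprisk="medium" action="pass" sentbyte=5000 rcvdbyte=40000
date=2023-04-26 time=10:00:04 type="utm" subtype="app-ctrl" eventtype="signature" srcip=10.0.0.23 user="carol" app="HTTPS.BROWSER" appcat="Web.Client" apprisk="elevated" action="pass" sentbyte=8000 rcvdbyte=250000
date=2023-04-26 time=10:00:05 type="utm" subtype="app-ctrl" eventtype="signature" srcip=10.0.0.24 app="Monero.Cryptocurrency.Miner" appcat="General.Interest" apprisk="critical" action="block" sentbyte=700 rcvdbyte=300
date=2023-04-26 time=10:00:06 type="utm" subtype="ips" eventtype="signature" severity="critical" srcip=203.0.113.7 dstip=10.0.0.80 attack="PHPUnit.Eval-stdin.PHP.Remote.Code.Execution" attackid=45765 ref="http://www.fortinet.com/ids/VID45765" action="dropped"
date=2023-04-26 time=10:00:07 type="utm" subtype="anomaly" eventtype="anomaly" severity="critical" srcip=198.51.100.9 dstip=10.0.0.80 attack="udp_flood" attackid=285212772 action="clear_session" count=42
date=2023-04-26 time=10:00:08 type="utm" subtype="anomaly" eventtype="anomaly" severity="critical" srcip=198.51.100.9 dstip=10.0.0.80 attack="udp_flood" attackid=285212772 action="clear_session" count=17
date=2023-04-26 time=10:00:09 type="utm" subtype="ips" eventtype="signature" severity="high" srcip=203.0.113.8 dstip=10.0.0.80 attack="Web.Server.Password.File.Access" attackid=43336 ref="http://www.fortinet.com/ids/VID43336" action="detected"
date=2023-04-26 time=10:00:10 type="utm" subtype="ips" eventtype="signature" severity="low" srcip=203.0.113.9 dstip=10.0.0.80 attack="Nmap.Script.Scanner" attackid=45360 ref="http://www.fortinet.com/ids/VID45360" action="detected"
"""

# Risk behaviors (Tunneling, Evasive, Excessive-Bandwidth, ...) are attributes
# of the FortiGuard application definition, not log fields. This lookup is a
# constructed stand-in for that metadata (an assumption, not product data).
BEHAVIORS = {
    "Tor": {"Evasive", "Tunneling"},
    "Proxy.HTTP": {"Tunneling"},
    "Monero.Cryptocurrency.Miner": {"Excessive-Bandwidth"},
}


def risk_behavior_summary(records):
    """Sessions, bytes and distinct applications per risk behavior.

    A session whose application carries two behaviors (e.g. Evasive and
    Tunneling) is counted under both, which is why per-behavior session
    totals in the report overlap and are not a count of applications."""
    out = defaultdict(lambda: {"sessions": 0, "bytes": 0, "apps": set()})
    for r in records:
        if r.get("subtype") != "app-ctrl":
            continue
        nbytes = int(r.get("sentbyte", 0)) + int(r.get("rcvdbyte", 0))
        for behavior in BEHAVIORS.get(r.get("app", ""), ()):
            out[behavior]["sessions"] += 1
            out[behavior]["bytes"] += nbytes
            out[behavior]["apps"].add(r["app"])
    return dict(out)


def threat_summary(records):
    """Events per severity, split into IPS signature matches (subtype ips)
    and DoS-policy anomaly counters (subtype anomaly), plus a ranked list of
    (attack, reference) pairs. Anomalies fire on rate thresholds, so lumping
    them with exploit signatures inflates the critical share."""
    by_sev = defaultdict(lambda: {"signature": 0, "anomaly": 0})
    top = defaultdict(int)
    for r in records:
        if r.get("type") != "utm" or r.get("subtype") not in ("ips", "anomaly"):
            continue
        kind = "anomaly" if r["subtype"] == "anomaly" else "signature"
        by_sev[r.get("severity", "unknown").lower()][kind] += 1
        top[(r.get("attack", "?"), r.get("ref", ""))] += 1
    return dict(by_sev), sorted(top.items(), key=lambda kv: -kv[1])


def severity_shares(by_sev):
    """Percentage of all threat events per severity, as in the report's chart."""
    total = sum(v["signature"] + v["anomaly"] for v in by_sev.values())
    if not total:
        return {}
    return {s: round(100 * (v["signature"] + v["anomaly"]) / total, 2)
            for s, v in by_sev.items()}


if __name__ == "__main__":
    recs = [parse_log(line) for line in LOGS.splitlines() if line.strip()]
    for b, v in risk_behavior_summary(recs).items():
        print(f"{b:<19} sessions={v['sessions']} bytes={v['bytes']} apps={sorted(v['apps'])}")
    by_sev, top = threat_summary(recs)
    for sev, share in severity_shares(by_sev).items():
        print(f"{sev:<9}{share:6.2f}%  signature={by_sev[sev]['signature']} anomaly={by_sev[sev]['anomaly']}")
    for (name, ref), n in top[:3]:
        print(f"{n:>3}  {name}  {ref}")
```

On the sample data the two Tor sessions land under both Evasive and Tunneling, so the per-behavior session totals sum to more than the number of flagged sessions, and two of the three critical events are udp_flood anomaly counters rather than exploit signatures; both effects are the ones to keep in mind when reading the charts in this report.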

Top Critical Threats Crossing The Network


# Attack Name Reference Total Num
1 ip_dst_session http://www.fortinet.com/ids/VID16777324 69,729
2 udp_flood http://www.fortinet.com/ids/VID285212772 44,293
3 udp_dst_session http://www.fortinet.com/ids/VID285212775 1,977
4 ThinkPHP.Controller.Parameter.Remote.Code.Execution http://www.fortinet.com/ids/VID47291 1,567
5 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution http://www.fortinet.com/ids/VID45765 1,439
6 MS.Windows.HTTP.sys.Request.Handling.Remote.Code.Execution http://www.fortinet.com/ids/VID40402 609
7 TrueOnline.ZyXEL.P660HN.V1.Unauthenticated.Command.Injection http://www.fortinet.com/ids/VID43619 500
8 D-Link.Devices.HNAP.SOAPAction-Header.Command.Execution http://www.fortinet.com/ids/VID40772 386
9 ip_src_session http://www.fortinet.com/ids/VID16777322 254
10 WordPress.HTTP.Path.Traversal http://www.fortinet.com/ids/VID46976 251

Top High Threats Crossing The Network
# Attack Name Reference Total Num
1 Multiple.Routers.GPON.formLogin.Remote.Command.Injection http://www.fortinet.com/ids/VID52588 2,825
2 MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption http://www.fortinet.com/ids/VID44947 1,917
3 AndroxGh0st.Malware http://www.fortinet.com/ids/VID52567 1,555
4 Web.Server.Password.File.Access http://www.fortinet.com/ids/VID43336 1,102
5 Mirai.Botnet http://www.fortinet.com/ids/VID43191 922
6 Bot.Network.Malicious.PHP.Upload http://www.fortinet.com/ids/VID44579 908
7 PHP.Malicious.Shell http://www.fortinet.com/ids/VID44580 784
8 HTTP.URI.SQL.Injection http://www.fortinet.com/ids/VID15621 700
9 Apache.HTTP.Server.cgi-bin.Path.Traversal http://www.fortinet.com/ids/VID50825 627
10 Generic.XXE.Detection http://www.fortinet.com/ids/VID32416 604

Top Medium Threats Crossing The Network


# Attack Name Reference Total Num
1 WordPress.xmlrpc.php.system.multicall.Amplification.Attack http://www.fortinet.com/ids/VID48868 1,858
2 WordPress.REST.API.Username.Enumeration.Information.Disclosure http://www.fortinet.com/ids/VID48072 1,630
3 PHP.Diescan http://www.fortinet.com/ids/VID47645 585
4 Apache.Solr.SolrResourceLoader.Directory.Traversal http://www.fortinet.com/ids/VID37677 581
5 WordPress.xmlrpc.Pingback.DoS http://www.fortinet.com/ids/VID38257 366
6 Atlassian.Server.S.Endpoint.Information.Disclosure http://www.fortinet.com/ids/VID50857 65
7 FCKeditor.CurrentFolder.Arbitrary.File.Upload http://www.fortinet.com/ids/VID17570 50
8 Oracle.WebLogic.Fusion.Middleware.UDDIexplorer.SSRF http://www.fortinet.com/ids/VID49617 32
9 YCCMS.Factory.File.Remote.Code.Execution http://www.fortinet.com/ids/VID50022 31
10 Coremail.Mail.System.mailsms.Config.Information.Disclosure http://www.fortinet.com/ids/VID50019 30

Top Low Threats Crossing The Network
# Attack Name Reference Total Num
1 ZGrab.Scanner http://www.fortinet.com/ids/VID48805 5,222
2 Censys.io.Scanner http://www.fortinet.com/ids/VID50899 1,636
3 Muieblackcat.Scanner http://www.fortinet.com/ids/VID40582 525
4 Nmap.Script.Scanner http://www.fortinet.com/ids/VID45360 361
5 Masscan.Scanner http://www.fortinet.com/ids/VID44778 159
6 Atlassian.Jira.Server.Dashboard.Config.Information.Disclosure http://www.fortinet.com/ids/VID48313 29
7 ffuf.Web.Fuzzer http://www.fortinet.com/ids/VID48818 4

Top Info Threats Crossing The Network

No matching log data for this report

Top 20 Viruses Crossing The Network
As the FortiGate scans the network, it provides information about the viruses that are crossing the network. The FortiGate applies different strategies to detect malware:
- Signatures: Fortinet's Compact Pattern Recognition Language (CPRL)
- Heuristics, applied to file structure and to API calls
The FortiGate's antivirus engine provides two main capabilities: decompression, which allows embedded files to be extracted, and emulation, which allows the hidden layers of a malicious file to be extracted. In the table below, MSOffice/CVE_2018_0798.BOR!exploit (125 occurrences) is an Office document carrying an exploit for the Equation Editor (EQNEDT32.EXE) vulnerability that also appears in the High threats table as MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption. A host that opened one of these files should have its Office patch level confirmed: the detection only records that the file crossed the network, not whether it ran.

Top Viruses By Name


# Virus Name Occurrences
1 MSOffice/TROJ_GEN.F04IE00DE23!tr 327
2 PDF/Phishing.DB83!tr 313
3 MSOffice/CVE_2018_0798.BOR!exploit 125
4 PDF/Agent.TIDC!tr.dldr 108
5 MSWord/Phish.4BB5!tr 21
6 Riskware/IncompleteUninstallLightshot 21
7 Linux/Mirai.REAL!tr 20
8 ELF/Mirai.IA!tr 16
9 Riskware/Application 13
10 BAT/Agent.0650!tr 12
11 MSIL/GenKryptik.AVR!tr 10
12 ELF/Mirai.A!tr 8
13 MSOffice/Agent.CF!tr.dldr 6
14 Linux/Redis.TSU!tr 4
15 ELF/Mirai.ASX!tr 4
16 ELF/Gafgyt.AEA!tr 4
17 MSIL/Agent.PBK!tr.dldr 4

Top Virus Victims
This counter shows which network users are most exposed to virus infections and identifies the hosts that are sources of malicious files on the network. The following table counts the number of detected viruses per end user. Three of the six entries (201.238.246.180, 20.106.215.139 and 77.91.84.42) are public Internet addresses and cannot be internal end users, so those detections belong to sessions crossing the perimeter; the internal host on the other end of those sessions, not the listed address, is the one to examine, and the 900 detections tied to a single external address account for most of the total.

Top Virus Victims


# Virus Victims Occurrences
1 201.238.246.180 900
2 172.16.11.230 56
3 172.16.41.53 34
4 20.106.215.139 12
5 172.16.11.43 7
6 77.91.84.42 7

Malware Discovered (by day)
# Day Malware
1 2023-04-26 318
2 2023-04-27 183
3 2023-04-25 129
4 2023-04-24 92
5 2023-04-19 86
6 2023-04-08 50
7 2023-04-22 34

Application Vulnerabilities Discovered

No matching log data for this report

Data Loss Prevention Events
The Fortinet Data Loss Prevention solution uses pattern matching and user identity to detect and prevent unauthorized communication of sensitive information and files through the network perimeter. Fortinet DLP features include fingerprinting of document files and document file sources, multiple inspection modes (proxy and flow-based), enhanced pattern matching and data archiving. Data loss events continue to increase every year, resulting in fines, penalties and loss of revenue for companies worldwide. Many data loss events are caused by trusted employees who send sensitive data into untrusted zones, either intentionally or by accident. An empty DLP table more often means that no DLP sensor is applied to the relevant policies than that no sensitive data left the network; confirm the sensor configuration before reading it as a clean result.

Top Data Loss Prevention Events

No matching log data for this report

Notes
Traffic sessions that are not scanned by the Application Control engine are excluded from application category related
charts in this report. Please enable Application Control to allow application traffic to be properly identified/secured on your
network.

Appendix A
Devices

F500e
F600E_Master

