
Anonymity network

An anonymity network is used to hide one's network identity, and is typically used by malware to hide its originating IP address. Enterprise network traffic should not originate from or be destined to an anonymity network.

When FortiSIEM discovers traffic destined to or originating from anonymity networks, it triggers these rules:

  • Inbound Traffic from Tor Network
  • Outbound Traffic to Tor Network
  • Inbound Traffic from Open Proxies
  • Outbound Traffic to Open Proxies

Adding an Anonymity Network

FortiSIEM provides two default groups for Anonymity Networks: 

  • Open Proxies: A set of open proxies on the internet. This is a static group.
  • Tor Nodes: This group is dynamically updated from https://check.torproject.org/exit-addresses. You can schedule regular updates for this group by clicking the group name, then clicking More > Update and providing the update scheduling information.
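To make the Tor Nodes feed and the two Tor rules concrete, the following added example (not FortiSIEM code, and not how the product implements its rules) parses records in the exit-addresses layout and labels flows with the rule names listed above. The sample records, the internal address ranges and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the layout served by check.torproject.org/exit-addresses.
# Fingerprints are made up and the IPs come from documentation ranges.
SAMPLE_EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2024-01-01 00:00:00
LastStatus 2024-01-01 01:00:00
ExitAddress 203.0.113.7 2024-01-01 01:05:00
ExitNode 0000000000000000000000000000000000000002
Published 2024-01-01 00:00:00
LastStatus 2024-01-01 01:00:00
ExitAddress 198.51.100.23 2024-01-01 01:06:00
ExitAddress not-an-ip 2024-01-01 01:07:00
"""

# Assumed enterprise address space; replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def parse_exit_addresses(text):
    """Return the set of exit IPs from ExitAddress lines, skipping malformed ones."""
    exits = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ExitAddress":
            try:
                exits.add(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # drop a bad record instead of failing the whole update
    return exits


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def classify_flow(src, dst, exits):
    """Return the name of the rule a flow would match, or None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip in exits and is_internal(dst_ip):
        return "Inbound Traffic from Tor Network"
    if dst_ip in exits and is_internal(src_ip):
        return "Outbound Traffic to Tor Network"
    return None


EXITS = parse_exit_addresses(SAMPLE_EXIT_LIST)
```

Because exit nodes change often, a stale copy of the list produces both missed matches and false positives, which is why the group's update schedule matters.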

Follow the procedure below to add an Anonymity Network:

  1. Click RESOURCES > Anonymity Network.
  2. Select the group where you want to add the anonymity network.
  3. Click New.
  4. Enter the information about the Anonymity Network. 
  5. Click the Calendar icon to select the Date Found and Last Seen.
  6. Click Save.

The following sections describe how to use Anonymity Networks: