FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 192351

Description

Summary of Article

This article explains when "Excluded Shared Device IPs" is needed.

 

Additional Information

Scenario

If User A logs in to a workstation, we show User A associated with that workstation under Identity and Location. If User A then logs in to Server R to pull mail, we also associate User A with Server R. The same happens for other users, so the following associations are made:

Workstation 1 -- User A
Workstation 2 -- User B
Server R -- User A
Server R -- User B

Because multiple people log in to remote servers, Identity and Location does not need to display who is logging on to Server R all the time.
Hence we would exclude the shared device IP, both to minimize confusion and to reduce the performance cost to AO.
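
The scenario above as a small model, added here as an illustration and not FortiSIEM code: it builds the device-to-user associations from constructed logon events, lists the IPs that several users log on to, and shows the table once such an IP is excluded. The IP addresses, the function names and the acceptance of CIDR ranges in the exclusion list are assumptions of this sketch.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed logon events (user, device, device IP); the IPs are made up.
EVENTS = [
    ("User A", "Workstation 1", "10.0.1.11"),
    ("User B", "Workstation 2", "10.0.1.12"),
    ("User A", "Server R", "10.0.9.5"),
    ("User B", "Server R", "10.0.9.5"),
]


def build_identity_location(events, excluded=()):
    """Return {device IP: sorted users}, skipping excluded IPs or ranges."""
    # Assumption of this sketch: an exclusion entry is one IP or a CIDR range.
    nets = [ip_network(entry, strict=False) for entry in excluded]
    table = defaultdict(set)
    for user, _device, ip in events:
        if any(ip_address(ip) in net for net in nets):
            continue  # shared device: do not attach users to it
        table[ip].add(user)
    return {ip: sorted(users) for ip, users in table.items()}


def shared_device_candidates(events, min_users=2):
    """Return IPs that at least min_users distinct users logged on to."""
    table = build_identity_location(events)
    return sorted(ip for ip, users in table.items() if len(users) >= min_users)


if __name__ == "__main__":
    print("Without exclusion:")
    for ip, users in build_identity_location(EVENTS).items():
        print(f"  {ip} -- {', '.join(users)}")

    candidates = shared_device_candidates(EVENTS)
    print("Candidates for exclusion:", candidates)

    print("With exclusion:")
    for ip, users in build_identity_location(EVENTS, candidates).items():
        print(f"  {ip} -- {', '.join(users)}")
```
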

Version Application

ALL



 