As in this MIB documentation: http://www.circitor.fr/Mibs/Html/F/FORTINET-FORTIGATE-MIB.php#fgIpsAnomalyDetections
fgIpsAnomalyDetections 1.3.6.1.4.1.12356.101.9.2.1.1.9
Number of intrusions DECed as anomalies since start-up in this virtual domain
Asked
Active
Viewed 113 times
0
Ferdinand.kraft
- 103
- 2
-
I read that as detected. The word Detections is right above it. But it is a dumb word to abbreviate, in the context of the sentence. – Frank Thomas May 11 '19 at 06:55
1 Answers
2
It most likely means "Decoded" in this context, as "decoder" is the language keyword Fortinet uses to describe their anomaly detection:
The FortiGate IPS uses protocol decoders to identify the abnormal traffic patterns that do not meet the protocol requirements and standards. For example, the HTTP decoder monitors the HTTP traffic to identify any HTTP packets that do not meet the HTTP protocol standards.
I would consider this a vendor-specific term rather than an industry term.
Another option might be "Decrypted", because Fortinet uses "dec" as their keyword for "decryption" (e.g., set dec-offload-antireplay {enable | disable}) but I truly think "Decoded" better matches the log entry you're looking at.
gowenfawr
- 71,975
- 17
- 161
- 198
-
Thanks for the quick answer. I was thinking it could mean "DEClassified", but now it seems to be the opposite! – Ferdinand.kraft May 11 '19 at 02:13