fortigate lan wan Fortigate: trafic lan vers wan 100250 dstip=10\.|dstip=192\.168\.|dstip=172\.1[6-9]\.|dstip=172\.2[0-9]\.|dstip=172\.3[01]\. Fortigate: destination IP publique confirmee 100251 ^[1-9]\d{8}$ Fortigate: Large outbound transfer ($(sentbyte) bytes) from $(srcip) to $(dstip) 100251 ^[5-9]\d{8}$ Fortigate: Large outbound transfer ($(sentbyte) bytes) from $(srcip) to $(dstip) 100251 ^(?:[1-9]\d{9})$ CRITICAL - Fortigate: Massive outbound transfer 1GB from $(srcip) to $(dstip) 100252 Fortigate: Repeated large transfers from $(srcip) - possible large exfiltration in progress 100254 00:00-05:00 Fortigate: Large transfers from $(srcip) in quiet hour - possible large exfiltration 100251 ^\d{11,}$ CRITICAL - Fortigate: Massive outbound transfer 10GB from $(srcip) to $(dstip)