FortiView

Top destinations

The Top Destinations dashboard shows information about the destination IP addresses of traffic on your FortiGate unit, as well as the application used. You can drill down the displayed information, and also select the device and time period, and apply search filters.

Figure 90:Top destinations

The following information is displayed:

Destination Displays the destination IP address and geographic region. Select the column header to sort entries by destination. You can apply a search filter to the destination (dstip) column.
Application Displays the application port and service. Select the column header to sort entries by application. You can apply a search filter to the application (app) column.
Sessions Displays the number of sessions. Select the column header to sort entries by sessions.
Bandwidth

(Sent/Received)

Displays the bandwidth value for sent and received packets. Select the column header to sort entries by bandwidth.

The following options are available:

 Refresh Refresh the displayed information.
Search Click the search field to add a search filter by destination IP, source interface (srcintf), destination interface (dstintf), policy ID

(policyid), security action (utmaction), or virtual domain (vd). Select the GO button to apply the search filter. Alternatively, you can right-click the column entry to add the search filter. Select the clear icon, , to remove the search filter.

Devices Select the device from the drop-down list or select All Devices. Select the GO button to apply the device filter.
Time Period Select the time period from the drop-down list. Select Custom from the list to specify the start and end date and time. Select the GO button to apply the time period filter.

 

N When selecting a time period with last N in the entry, you can enter the value for N in this text field.
 Custom When Custom is selected the custom icon will be displayed. Select the icon to change the custom time period.
 Go Select the GO button to apply the filter.
Pagination Select the number of entries to display per page and browse pages.
Right-click menu  
 Application Select to drill down by application to view application related information including the service and port, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the application (app) column to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Destinations page.

 Source Select to drill down by source to view source related information including the source IP address, device MAC address or FQDN, threat weight, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the source (srcip) and device

(dev_src) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Destinations page.

 Threat Select to drill down by threat to view threat related information including the threat type, category, threat level, threat weight, and number of incidents.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the threat (threat) or category

(threattype) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Destinations page.

 Sessions Select to drill down by sessions to view session related information including date/time, source/device, destination IP address and geographic region, service, bandwidth (sent/received), user, application, and security action.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the destination (dstip), service

(service), user (user), or application (app) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Sources page.

 Search Add a search filter by destination IP. Select the GO button to apply the filter. Select the clear icon,      , to remove the search filter.

Top web sites

The Top Web Sites dashboard lists the top allowed and top blocked web sites. You can drill down the displayed information, and also select the device and time period, and apply search filters.

Figure 91:Top web sites

The following information is displayed:

Domain Displays the domain name. Select the column header to sort entries by domain. You can apply a search filter to the domain (domain) column. This column is only shown when Domain is selected in the domain/category drop-down list.
Category Displays the web site category. Select the column header to sort entries by category.
Browsing Time Displays the web site browsing time. Select the column header to sort entries by browsing time.
Threat Weight Displays the web site threat weight value. Select the column header to sort entries by threat weight.
Sessions Displays the number of sessions. Select the column header to sort entries by sessions.
Bandwidth

(Sent/Received)

Displays the bandwidth value for sent and received packets. Select the column header to sort entries by bandwidth.

The following options are available:

 Refresh Refresh the displayed information.
Search Click the search field to add a search filter by domain, source interface

(srcintf), destination interface (dstintf), policy ID (policyid), security action (utmaction), or virtual domain (vd). Select the GO button to apply the search filter. Alternatively, you can right-click the column entry to add the search filter. Select the clear icon, , to remove the search filter.

 

Devices Select the device from the drop-down list or select All Devices. Select the GO button to apply the device filter.
Time Period Select the time period from the drop-down list. Select Custom from the list to specify the start and end date and time. Select the GO button to apply the time period filter.
N When selecting a time period with last N in the entry, you can enter the value for N in this text field.
 Custom When Custom is selected the custom icon will be displayed. Select the icon to change the custom time period.
Domain/Category Select to view information based on either the domain or the category.
 Go Select the GO button to apply the filter.
Pagination Select the number of entries to display per page and browse pages.
Right-click menu  
 Source Select to drill down by source to view source related information including the source IP address, device MAC address or FQDN, threat weight, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the source (srcip) and device

(dev_src) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Web Sites page.

 Destination Select to drill down by destination to view destination related information including the destination IP address and geographic region, the threat weight value, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the destination (dstip) column to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Web Sites page.

 Category Select to drill down by category to view category related information including category, browsing time, threat weight, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Web Sites page.

 Threat Select to drill down by threat to view threat related information including the threat type, category, threat level, threat weight, and number of incidents.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the threat (threat) or category

(threattype) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Destinations page.

 Sessions Select to drill down by sessions to view session related information including date/time, source/device, destination IP address and geographic region, service, bandwidth (sent/received), user, application, and security action.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the destination (dstip), service

(service), user (user), or application (app) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Sources page.

 Search Add a search filter by domain (domain) or category (catdesc). Select the GO button to apply the filter. Select the clear icon, , to remove the search filter.

Top threats

The Top Threats dashboard lists the top users involved in incidents, as well as information on the top threats to your network. You can drill down the displayed information, and also select the device and time period, and apply search filters.

  • Risk applications detected by application control
  • Intrusion incidents detected by IPS • Malicious web sites detected by web filtering
  • Malware/botnets detected by antivirus.

Figure 92:Top threats

The following information is displayed:

Threat Displays the threat type. Select the column header to sort entries by category. You can apply a search filter to the threat (threat) column.
Category Displays the threat category. Select the column header to sort entries by category. You can apply a search filter to the category (threattype) column.
Threat Level Displays the threat level. Select the column header to sort entries by threat level.
Threat Weight Displays the threat weight value. Select the column header to sort entries by threat weight.
Incidents Displays the number of incidents for this threat type. Select the column header to sort entries by incidents.

The following options are available:

 Refresh Refresh the displayed information.
Search Click the search field to add a search filter by threat, threat type, source interface (srcintf), destination interface (dstintf), policy ID

(policyid), security action (utmaction), or virtual domain (vd). Select the GO button to apply the search filter. Alternatively, you can right-click the column entry to add the search filter. Select the clear icon, , to remove the search filter.

Devices Select the device from the drop-down list or select All Devices. Select the GO button to apply the device filter.
Time Period Select the time period from the drop-down list. Select Custom from the list to specify the start and end date and time. Select the GO button to apply the time period filter.
N When selecting a time period with last N in the entry, you can enter the value for N in this text field.

 

 Custom When Custom is selected the custom icon will be displayed. Select the icon to change the custom time period.
 Go Select the GO button to apply the filter.
Pagination Select the number of entries to display per page and browse pages.
Right-click menu  
 Source Select to drill down by source to view source related information including the source IP address, device MAC address or FQDN, threat weight, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the source (srcip) and device

(dev_src) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Threats page.

 Destination Select to drill down by destination to view destination related information including the destination IP address and geographic region, the threat weight value, number of sessions, and bandwidth (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the destination (dstip) column to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Threats page.

 Sessions Select to drill down by sessions to view session related information including date/time, source/device, destination IP address and geographic region, service, bandwidth (sent/received), user, application, and security action.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the destination (dstip), service

(service), user (user), or application (app) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon, , to return to the Top Threats page.

 Search Add a search filter by threat (threat) or category (threattype). Select the GO button to apply the filter. Select the clear icon, , to remove the search filter.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiAnalyzer and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.