Threats


The Threats console lists the top users involved in incidents, as well as information on the top threats to your network.

The following incidents are considered threats:

  • Risky applications detected by application control
  • Intrusion incidents detected by IPS
  • Malicious web sites detected by web filtering
  • Malware/botnets detected by antivirus

This console can be filtered by Country, Destination Interface, Policy, Result, Security Action, Source Interface, Threat, and Threat Type. For more on filters, see Filtering options.

In order for information to appear in the Threats console, Threat Weight Tracking must be enabled.
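To make that requirement concrete, the block below is the FortiOS CLI equivalent of turning on Threat Weight Tracking and setting the score thresholds that map a session's accumulated threat weight onto the Low/Medium/High/Critical Threat Levels the console displays. It is an added example, not configuration copied from the handbook: the command tree is the FortiOS 5.4 `config log threat-weight` table, but the threshold numbers and per-event weights shown are assumed defaults, so confirm them with `show full-configuration log threat-weight` on your own unit before relying on them.

```fortios
# Added example (not from the handbook): enable Threat Weight Tracking.
# Lines starting with "#" are ignored when pasted into the FortiGate CLI.
# Without "set status enable" no scores are computed and the Threats
# console stays empty.
config log threat-weight
    set status enable
    # Thresholds that turn a session's summed threat weight into the
    # Threat Level shown in FortiView. Values are ASSUMED defaults;
    # verify with "show full-configuration log threat-weight".
    config level
        set low 5
        set medium 10
        set high 30
        set critical 50
    end
    # Per-event weights; each takes one of the level names above.
    # Also assumed defaults.
    set blocked-connection high
    set failed-connection low
    set url-block-detected high
    set botnet-connection-detected critical
end
```

Paste the block into a console or SSH session on the FortiGate. Note that `show log threat-weight` prints only settings that differ from their defaults, so an apparently empty table does not mean tracking is off; `show full-configuration log threat-weight` shows every value, including `status`.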


Scenario: Monitoring Threats to the Network

Some users have high Threat Scores. The Threats console can be used to view all threats and discover why such high scores are being shown:

1. Go to FortiView > Threats. In the graph display, click and drag across the peak that represents the spike in threat score.

2. Sort the threats by score or by level by clicking the Threat Score (Blocked/Allowed) or Threat Level column header, respectively.

3. You see that a specific threat’s Threat Level is Critical. Drill down into that threat by double-clicking it, or by right-clicking it and selecting Drill down to details.

4. The resulting summary page lists the source IPs associated with this threat and the number of sessions from each. Double-click one of the source IPs.

5. The next page shows a variety of statistics, including a Reference field. If you are not familiar with the particular threat, the URL next to Reference links to the FortiGuard encyclopedia entry, which gives the description, affected products, and recommended actions.

Only FortiGate models 100D and above support 24-hour historical data in this console.


This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
