After the scan is completed, the report is displayed on Scan History page.
Name of the task.
Time the report was created.
On the far right.
|Add Filter—Sort by Name, Created Time
By analyzing the scan results in the imported report, FortiADC automatically generates a WAF profile to prevent the reported attacks. In the Automatic Policy, you will required to specify the name of the generated WAF profile and the actions to be taken upon the attacks.
To edit the Automatic Policy:
- In Web Application Firewall > Web Vulnerability Scanner > Scan History, find the desired report in the table, click the Icon to edit the Automatic Policy.
- Configure the following settings.
Generate Policies Automatically
If enabled, FortiADC will automatically generate an Automatic Policy and update it every time it runs the web vulnerability scan.
Merge the Report to Existing Profile
If disabled, FortiADC generates a new WAF profile based on the scan results.
If enabled, the WAF settings based on the scan results will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.
Profile Name Enter a name for the newly generated WAF profile, and select an existing WAF profile. Action - High Select the action that FortiADC will take if High severity attacks are detected. Action - Medium Select the action that FortiADC will take if Medium severity attacks are detected. Action - Low Select the action that FortiADC will take if Low severity attacks are detected.
- Click Save.
After the auto policy is saved, you can view it on Scan Integration. See Scan Integration.