OWASP Top 10
Through the FortiView > OWASP Top 10 page, you can monitor threats by OWASP Top 10 to analyze the 10 most critical attacks targeted to your application.
You can see the total number of threats, the types of actions FortiADC carries out in response to specific types of attacks, and how severe attacks are.
This gives you the ability to modify your FortiADC configuration to best address specific threats your environment faces.
To view the OWASP Top 10 data on this page, you need to first enable the security WAF log. Go to Log & Report > Log Setting to enable the corresponding log.
From this window, you can see the total threat data that FortiADC has detected for each OWASP Top 10 threat:
The summary OWASP Top 10 threats shows the total number of threats, actions, and service used according to the threat type.
The OWASP Top 10 Threats log analysis is based on the WAF log, so the data may not match the OWASP Top 10 Threats on the Dashboard with 100% accuracy.
The reason for this inconsistency is due to the way the data is obtained for the Dashboard and FortiView. While the Dashboard obtains the data directly from the FortiADC, the FortiView statistics are calculated and re-aggregated by the Log module. Another cause for data inconsistencies is when a WAF action is predefined as "silent-deny", which will not be sent or recorded in the WAF log when triggered.
Viewing individual OWASP Top 10 threats
There are two ways to drill down into the key elements about a specific threat:
Double-click the threat from the OWASP Top 10 Threats Log.
Click the Add Filter icon and select the OWASP Top 10 threat from a drop-down menu.
From here, you can view information about the source IP of the attacks, countries from which the attacks are launched, the HTTP methods used, and the targeted URLs under the Sources, Countries, HTTP Methods, and URLs for the specified OWASP Top 10 threat.