Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAnalyzer 6.0.6 Administration Guide
    6.0.6
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    FortiView summary list and description

    FortiView summary list and description

    In table format, many summary views display a historical chart to show changes over the selected time period. If you sort by a different column, the chart shows the history of the sorted column. For example, if you sort by Sessions Blocked/Allowed, the chart shows the history of blocked and allowed sessions. If you sort by Bytes Sent/Received, the chart shows the history of bytes sent and received.

    When you drill down to view a line item, the historical chart show changes for that line item.

    FortiView summaries for FortiGate and FortiCarrier devices

    Category

    View

    Description

    Summary

    An overview

    An overview of most used FortiView summary views. You can select which widgets to display in the Summary.

    Threats

    Top Threats

    Lists the top threats to your network.

    The following incidents are considered threats:

    • Risk applications detected by application control.
    • Intrusion incidents detected by IPS.
    • Malicious web sites detected by web filtering.
    • Malware/botnets detected by antivirus.

    Note: If FortiGate is running FortiOS 5.0.x, turn on Security Profiles > Client Reputation to view entries in Top Threats.

    Threat Map

    Displays a map of the world that shows the top traffic destination country by color. Threats are displayed when the level is equal to or greater than warning and the source IP is a public IP address.

    The list of threats at the bottom shows the location, threat, severity, and time of the attacks. The color gradient of the darts on the map indicate the traffic risk, where red indicates the more critical risk.

    This view has no filtering options. See also Viewing the threat map.

    Compromised Hosts

    Displays end users with suspicious web use compromises, including end users’ IP addresses, overall threat rating, and number of threats.

    Note: To use this feature:

    1. UTM logs of the connected FortiGate devices must be enabled.
    2. The FortiAnalyzer must subscribe to FortiGuard to keep its threat database up-to-date.

    FortiSandbox Detection

    Displays a summary of FortiSandbox related detections. The following information is displayed:

    • Filename
    • End User and/or IP
    • Destination IP
    • Analysis (Clean, Suspicious or Malicious rating)
    • Action (Passthrough, Blocked, etc)
    • Service (HTTP, FTP, SMTP, etc)

    Traffic

    Top Sources

    Displays the highest network traffic by source IP address and interface, device, threat score (blocked and allowed), sessions (blocked and allowed), and bytes (sent and received).

    Top Destinations

    Displays the highest network traffic by destination IP addresses, the applications used to access the destination, sessions, and bytes. If available, click the icon beside the IP address to see its WHOIS information.

    Top Countries

    Displays the highest network traffic by country in terms of traffic sessions, including the destination, threat score, sessions, and bytes.

    Policy Hits

    Lists the policy hits by policy, device name, VDOM, number of hits, bytes, and last used time and date.

    Applications & Websites

    Top Applications

    Displays the top applications used on the network including the application name, category, risk level, number of clients, sessions blocked and allowed, and bytes sent and received.

    For a usage example, see Finding application and user information.

    Top Cloud Applications

    Displays the top cloud applications used on the network.

    Top Websites

    Displays the top allowed and blocked web sites on the network. You can view information by domain or category by using the options in the top right of the toolbar.

    Top Browsing Users

    Displays the top web-browsing users, including source, group, number of sites visited, browsing time, and number of bytes sent and received.

    VPN

    SSL & Dialup IPsec

    Displays the users who are accessing the network by using the following types of security over a virtual private network (VPN) tunnel: secure socket layers (SSL) and Internet protocol security (IPsec).

    You can view VPN traffic for a specific user from the top view and drilldown views. In the top view, double-click a user to view the VPN traffic for the specific user. In the drilldown view, click an entry from the table to display the traffic logs that match the VPN user and the destination.

    Site-to-Site IPsec

    Displays the names of VPN tunnels with Internet protocol security (IPsec) that are accessing the network.

    WiFi

    Rogue APs

    Displays the service set identifiers (SSID) of unauthorized WiFi access points on the network.

    Authorized APs

    Displays the names of authorized WiFi access points on the network.

    Authorized SSIDs

    Displays the service set identifiers (SSID) of authorized WiFi access points on the network.

    WiFi Clients

    Lists the names and IP addresses of the devices logged into the WiFi network.

    System

    Admin Logins

    Displays the users who logged into the managed device.

    System Events

    Displays events on the managed device.

    Resource Usage

    Displays device CPU, memory, logging, and other performance information for the managed device.

    Failed Authentication Attempts

    Displays the IP addresses of the users who failed to log into the managed device.

    Endpoints

    All Endpoints

    Lists the FortiClient endpoints registered to the FortiGate device.

    Displays the avatars of the FortiClient endpoints registered to the FortiGate device.

    Top Vulnerabilities

    Displays vulnerability information about the FortiClient endpoints registered to specific FortiGate devices. View by Device or Vulnerability.

    In Device view, the table shows the device, source, number and severity of vulnerabilities, and category.

    In Vulnerability view, select table or bubble format. The table format shows the vulnerability name, severity, category, CVE ID, and host count. The bubble graph format shows vulnerability by severity and frequency.

    Top Threats

    Displays the top threats for registered FortiClient endpoints, including the threat, threat level, and the number of incidents (blocked and allowed).

    Top Applications

    Displays the top applications used by registered FortiClient endpoints, including the application name, risk level, sessions blocked and allowed, and bytes sent and received.

    Top Web Sites

    Displays the top allowed and blocked web sites on the network.

    FortiView summaries for FortiClient EMS devices

    Category

    View

    Description

    Threats

    Top Threats

    Lists the top users involved in incidents and the top threats to your network. The following incidents are considered threats:

    • Risk applications detected by application control
    • Malicious web sites detected by web filtering
    • Malware/botnets detected by antivirus

    Applications & Websites

    Top Applications

    Displays the top applications used on the network including the application name, category, risk level, number of clients, sessions blocked and allowed, and bytes sent and received.

    Top Websites

    Displays the top allowed and blocked web sites on the network.

    Endpoints

    All Endpoints

    Lists the FortiClient endpoints registered to the FortiClient EMS device.

    Displays the avatars of the FortiClient endpoints registered to the FortiClient EMS device.

    Top Vulnerabilities

    Displays vulnerability information about the FortiClient endpoints that are registered to the FortiClient EMS device. View by Device or Vulnerability.

    In Device view, the table shows the device, source, number and severity of vulnerabilities, and category.

    In Vulnerability view, select table or bubble format. The table format shows the vulnerability name, severity, category, CVE ID, and host count. The bubble graph format shows vulnerability by severity and frequency.
    Previous
    Next

    FortiView summary list and description

    FortiView summary list and description

    In table format, many summary views display a historical chart to show changes over the selected time period. If you sort by a different column, the chart shows the history of the sorted column. For example, if you sort by Sessions Blocked/Allowed, the chart shows the history of blocked and allowed sessions. If you sort by Bytes Sent/Received, the chart shows the history of bytes sent and received.

    When you drill down to view a line item, the historical chart show changes for that line item.

    FortiView summaries for FortiGate and FortiCarrier devices

    Category

    View

    Description

    Summary

    An overview

    An overview of most used FortiView summary views. You can select which widgets to display in the Summary.

    Threats

    Top Threats

    Lists the top threats to your network.

    The following incidents are considered threats:

    • Risk applications detected by application control.
    • Intrusion incidents detected by IPS.
    • Malicious web sites detected by web filtering.
    • Malware/botnets detected by antivirus.

    Note: If FortiGate is running FortiOS 5.0.x, turn on Security Profiles > Client Reputation to view entries in Top Threats.

    Threat Map

    Displays a map of the world that shows the top traffic destination country by color. Threats are displayed when the level is equal to or greater than warning and the source IP is a public IP address.

    The list of threats at the bottom shows the location, threat, severity, and time of the attacks. The color gradient of the darts on the map indicate the traffic risk, where red indicates the more critical risk.

    This view has no filtering options. See also Viewing the threat map.

    Compromised Hosts

    Displays end users with suspicious web use compromises, including end users’ IP addresses, overall threat rating, and number of threats.

    Note: To use this feature:

    1. UTM logs of the connected FortiGate devices must be enabled.
    2. The FortiAnalyzer must subscribe to FortiGuard to keep its threat database up-to-date.

    FortiSandbox Detection

    Displays a summary of FortiSandbox related detections. The following information is displayed:

    • Filename
    • End User and/or IP
    • Destination IP
    • Analysis (Clean, Suspicious or Malicious rating)
    • Action (Passthrough, Blocked, etc)
    • Service (HTTP, FTP, SMTP, etc)

    Traffic

    Top Sources

    Displays the highest network traffic by source IP address and interface, device, threat score (blocked and allowed), sessions (blocked and allowed), and bytes (sent and received).

    Top Destinations

    Displays the highest network traffic by destination IP addresses, the applications used to access the destination, sessions, and bytes. If available, click the icon beside the IP address to see its WHOIS information.

    Top Countries

    Displays the highest network traffic by country in terms of traffic sessions, including the destination, threat score, sessions, and bytes.

    Policy Hits

    Lists the policy hits by policy, device name, VDOM, number of hits, bytes, and last used time and date.

    Applications & Websites

    Top Applications

    Displays the top applications used on the network including the application name, category, risk level, number of clients, sessions blocked and allowed, and bytes sent and received.

    For a usage example, see Finding application and user information.

    Top Cloud Applications

    Displays the top cloud applications used on the network.

    Top Websites

    Displays the top allowed and blocked web sites on the network. You can view information by domain or category by using the options in the top right of the toolbar.

    Top Browsing Users

    Displays the top web-browsing users, including source, group, number of sites visited, browsing time, and number of bytes sent and received.

    VPN

    SSL & Dialup IPsec

    Displays the users who are accessing the network by using the following types of security over a virtual private network (VPN) tunnel: secure socket layers (SSL) and Internet protocol security (IPsec).

    You can view VPN traffic for a specific user from the top view and drilldown views. In the top view, double-click a user to view the VPN traffic for the specific user. In the drilldown view, click an entry from the table to display the traffic logs that match the VPN user and the destination.

    Site-to-Site IPsec

    Displays the names of VPN tunnels with Internet protocol security (IPsec) that are accessing the network.

    WiFi

    Rogue APs

    Displays the service set identifiers (SSID) of unauthorized WiFi access points on the network.

    Authorized APs

    Displays the names of authorized WiFi access points on the network.

    Authorized SSIDs

    Displays the service set identifiers (SSID) of authorized WiFi access points on the network.

    WiFi Clients

    Lists the names and IP addresses of the devices logged into the WiFi network.

    System

    Admin Logins

    Displays the users who logged into the managed device.

    System Events

    Displays events on the managed device.

    Resource Usage

    Displays device CPU, memory, logging, and other performance information for the managed device.

    Failed Authentication Attempts

    Displays the IP addresses of the users who failed to log into the managed device.

    Endpoints

    All Endpoints

    Lists the FortiClient endpoints registered to the FortiGate device.

    Displays the avatars of the FortiClient endpoints registered to the FortiGate device.

    Top Vulnerabilities

    Displays vulnerability information about the FortiClient endpoints registered to specific FortiGate devices. View by Device or Vulnerability.

    In Device view, the table shows the device, source, number and severity of vulnerabilities, and category.

    In Vulnerability view, select table or bubble format. The table format shows the vulnerability name, severity, category, CVE ID, and host count. The bubble graph format shows vulnerability by severity and frequency.

    Top Threats

    Displays the top threats for registered FortiClient endpoints, including the threat, threat level, and the number of incidents (blocked and allowed).

    Top Applications

    Displays the top applications used by registered FortiClient endpoints, including the application name, risk level, sessions blocked and allowed, and bytes sent and received.

    Top Web Sites

    Displays the top allowed and blocked web sites on the network.

    FortiView summaries for FortiClient EMS devices

    Category

    View

    Description

    Threats

    Top Threats

    Lists the top users involved in incidents and the top threats to your network. The following incidents are considered threats:

    • Risk applications detected by application control
    • Malicious web sites detected by web filtering
    • Malware/botnets detected by antivirus

    Applications & Websites

    Top Applications

    Displays the top applications used on the network including the application name, category, risk level, number of clients, sessions blocked and allowed, and bytes sent and received.

    Top Websites

    Displays the top allowed and blocked web sites on the network.

    Endpoints

    All Endpoints

    Lists the FortiClient endpoints registered to the FortiClient EMS device.

    Displays the avatars of the FortiClient endpoints registered to the FortiClient EMS device.

    Top Vulnerabilities

    Displays vulnerability information about the FortiClient endpoints that are registered to the FortiClient EMS device. View by Device or Vulnerability.

    In Device view, the table shows the device, source, number and severity of vulnerabilities, and category.

    In Vulnerability view, select table or bubble format. The table format shows the vulnerability name, severity, category, CVE ID, and host count. The bubble graph format shows vulnerability by severity and frequency.
    Previous
    Next