Fortinet black logo

Administration Guide

FortiView dashboards

FortiView dashboards

Many dashboards display a historical chart in a table format to show changes over the selected time period.

If you sort by a different column, the chart shows the history of the sorted column. For example, if you sort by Sessions Blocked/Allowed, the chart shows the history of blocked and allowed sessions. If you sort by Bytes Sent/Received, the chart shows the history of bytes sent and received.

When you drill down to view a line item, the historical chart show changes for that line item.

FortiView dashboards for FortiGate and FortiCarrier devices

Category

View

Description

Threats

Top Threats

Lists the top threats to your network.

The following incidents are considered threats:

  • Risk applications detected by application control.
  • Intrusion incidents detected by IPS.
  • Malicious web sites detected by web filtering.
  • Malware/botnets detected by antivirus.
Threat Map

Displays a map of the world that shows the top traffic destinations starting at the country of origin. Threats are displayed when the threat score is greater than zero and either the source or destination IP is a public IP address.

The Threat Window below the map, shows the threat, source, destination, severity, and time. The color gradient of the lines indicate the traffic risk. A yellow line indicates a high risk and a red line indicates a critical risk.

This view does not support filtering and Day, Night, and Ocean themes. See also Viewing the threat map.

Compromised Hosts

Displays end users with suspicious web use compromises, including end users’ IP addresses, overall threat rating, and number of threats.

To use this feature:

  1. UTM logs of the connected FortiGate devices must be enabled.
  2. The FortiAnalyzer must subscribe to FortiGuard to keep its threat database up-to-date.

FortiSandbox Detection

Displays a summary of FortiSandbox related detections.

The following information is displayed: Filename, End User and/or IP, Destination IP, Analysis (Clean, Suspicious or Malicious rating), Action (Passthrough, Blocked, etc.), and Service (HTTP, FTP, SMTP, etc.).

Select an entry to view additional information in the drilldown menu. Clicking a FortiSandbox action listed in the Process Flow displays details about that action, including the Overview, Indicators, Behavior Chronology Chart, Tree View, and more. Information included in the Details and Tree View tab is only available with FortiSandbox 3.1.0 and above.

Traffic

Top Source

Displays the highest network traffic by source IP address and interface, device, threat score (blocked and allowed), sessions (blocked and allowed), and bytes (sent and received).

Top Source Addresses

Displays the top source addresses by source object, interface, device, threat score (blocked and allowed), sessions (blocked and allowed), and bytes (sent and received).

Top Destinations

Displays the highest network traffic by destination IP addresses, the applications used to access the destination, sessions, and bytes. If available, click the icon beside the IP address to see its WHOIS information.

Top Destination Addresses

Displays the top destination addresses by destination objects, applications, sessions, and bytes. If available, click the icon beside the IP address to see its WHOIS information.

Top Country/Region

Displays the highest network traffic by country in terms of traffic sessions, including the destination, threat score, sessions, and bytes.

Policy Hits

Lists the policy hits by policy, device name, VDOM, number of hits, bytes, and last used time and date.

DNS Logs

Summarizes the DNS activity on the network. Double click an entry to drill down to the specific details about that domain.

Applications & Websites

Top Applications

Displays the top applications used on the network including the application name, category, risk level, and sessions blocked and allowed. Bytes sent and received can also be enabled through the widget settings.

For a usage example, see Finding application and user information.

Top Cloud Applications

Displays the top cloud applications used on the network.

Top Cloud Users

Displays the top cloud users on the network.

Top Website Domains

Displays the top allowed and blocked website domains on the network.

Top Website Categories

Displays the top website categories.

Top Browsing Users

Displays the top web-browsing users, including source, group, number of sites visited, browsing time, and number of bytes sent and received.

VPN

SSL & Dialup IPsec

Displays the users who are accessing the network by using the following types of security over a virtual private network (VPN) tunnel: secure socket layers (SSL) and Internet protocol security (IPsec).

You can view VPN traffic for a specific user from the top view and drilldown views. In the top view, double-click a user to view the VPN traffic for the specific user. In the drilldown view, click an entry from the table to display the traffic logs that match the VPN user and the destination.

Site-to-Site IPsec

Displays the names of VPN tunnels with Internet protocol security (IPsec) that are accessing the network.

System

Admin Logins

Displays the users who logged into the managed device.

System Events

Displays events on the managed device.

Resource Usage

Displays device CPU, memory, logging, and other performance information for the managed device.

Resource Usage includes two widgets: Resource Usage Average and Resource Usage Peak.

Failed Authentication Attempts

Displays the IP addresses of the users who failed to log into the managed device.

FortiView dashboards

Many dashboards display a historical chart in a table format to show changes over the selected time period.

If you sort by a different column, the chart shows the history of the sorted column. For example, if you sort by Sessions Blocked/Allowed, the chart shows the history of blocked and allowed sessions. If you sort by Bytes Sent/Received, the chart shows the history of bytes sent and received.

When you drill down to view a line item, the historical chart show changes for that line item.

FortiView dashboards for FortiGate and FortiCarrier devices

Category

View

Description

Threats

Top Threats

Lists the top threats to your network.

The following incidents are considered threats:

  • Risk applications detected by application control.
  • Intrusion incidents detected by IPS.
  • Malicious web sites detected by web filtering.
  • Malware/botnets detected by antivirus.
Threat Map

Displays a map of the world that shows the top traffic destinations starting at the country of origin. Threats are displayed when the threat score is greater than zero and either the source or destination IP is a public IP address.

The Threat Window below the map, shows the threat, source, destination, severity, and time. The color gradient of the lines indicate the traffic risk. A yellow line indicates a high risk and a red line indicates a critical risk.

This view does not support filtering and Day, Night, and Ocean themes. See also Viewing the threat map.

Compromised Hosts

Displays end users with suspicious web use compromises, including end users’ IP addresses, overall threat rating, and number of threats.

To use this feature:

  1. UTM logs of the connected FortiGate devices must be enabled.
  2. The FortiAnalyzer must subscribe to FortiGuard to keep its threat database up-to-date.

FortiSandbox Detection

Displays a summary of FortiSandbox related detections.

The following information is displayed: Filename, End User and/or IP, Destination IP, Analysis (Clean, Suspicious or Malicious rating), Action (Passthrough, Blocked, etc.), and Service (HTTP, FTP, SMTP, etc.).

Select an entry to view additional information in the drilldown menu. Clicking a FortiSandbox action listed in the Process Flow displays details about that action, including the Overview, Indicators, Behavior Chronology Chart, Tree View, and more. Information included in the Details and Tree View tab is only available with FortiSandbox 3.1.0 and above.

Traffic

Top Source

Displays the highest network traffic by source IP address and interface, device, threat score (blocked and allowed), sessions (blocked and allowed), and bytes (sent and received).

Top Source Addresses

Displays the top source addresses by source object, interface, device, threat score (blocked and allowed), sessions (blocked and allowed), and bytes (sent and received).

Top Destinations

Displays the highest network traffic by destination IP addresses, the applications used to access the destination, sessions, and bytes. If available, click the icon beside the IP address to see its WHOIS information.

Top Destination Addresses

Displays the top destination addresses by destination objects, applications, sessions, and bytes. If available, click the icon beside the IP address to see its WHOIS information.

Top Country/Region

Displays the highest network traffic by country in terms of traffic sessions, including the destination, threat score, sessions, and bytes.

Policy Hits

Lists the policy hits by policy, device name, VDOM, number of hits, bytes, and last used time and date.

DNS Logs

Summarizes the DNS activity on the network. Double click an entry to drill down to the specific details about that domain.

Applications & Websites

Top Applications

Displays the top applications used on the network including the application name, category, risk level, and sessions blocked and allowed. Bytes sent and received can also be enabled through the widget settings.

For a usage example, see Finding application and user information.

Top Cloud Applications

Displays the top cloud applications used on the network.

Top Cloud Users

Displays the top cloud users on the network.

Top Website Domains

Displays the top allowed and blocked website domains on the network.

Top Website Categories

Displays the top website categories.

Top Browsing Users

Displays the top web-browsing users, including source, group, number of sites visited, browsing time, and number of bytes sent and received.

VPN

SSL & Dialup IPsec

Displays the users who are accessing the network by using the following types of security over a virtual private network (VPN) tunnel: secure socket layers (SSL) and Internet protocol security (IPsec).

You can view VPN traffic for a specific user from the top view and drilldown views. In the top view, double-click a user to view the VPN traffic for the specific user. In the drilldown view, click an entry from the table to display the traffic logs that match the VPN user and the destination.

Site-to-Site IPsec

Displays the names of VPN tunnels with Internet protocol security (IPsec) that are accessing the network.

System

Admin Logins

Displays the users who logged into the managed device.

System Events

Displays events on the managed device.

Resource Usage

Displays device CPU, memory, logging, and other performance information for the managed device.

Resource Usage includes two widgets: Resource Usage Average and Resource Usage Peak.

Failed Authentication Attempts

Displays the IP addresses of the users who failed to log into the managed device.