The FortiWeb attack log provides a deep analysis tool that allows customers to understand why a particular request was flagged as a violation. It gives detailed information in a 'Wireshark' like visual separating the HTTP requests into headers, cookies, parameters, and the HTTP body, highlighting the pattern that triggered the violation.
This enhancement in FortiAnalyzer allow users to view FortiWeb packet logs with additional HTTP request information included.
- Go to Log View.
- In the tree menu, select Application Attack Prevention.
The Application Attack Prevention pane opens.
In the Application Attack Prevention pane, FortiWeb packets appear in the far right-side under Data.
By default, Data is not visible in the log view. You can enable it from the settings on the far-right side.
FortiWeb packets also appear in the log detail panel.
- Click on the packet icon to view the packet details.
The View Attack Content dialog appears. It shows packet details using the same design as IPS Archive.