Fortinet black logo

Handbook

Threats

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:237934
Download PDF

Threats

The Threats console lists the top users involved in incidents, as well as information on the top threats to your network.

The following incidents are considered threats:

  • Risk applications detected by application control
  • Intrusion incidents detected by IPS
  • Malicious web sites detected by web filtering
  • Malware/botnets detected by antivirus

This console can be filtered by Country, Destination Interface, Policy, Result, Security Action, Source Interface, Threat, and Threat Type. For more on filters, see Filtering options.

note icon

In order for information to appear in the Threats console, Threat Weight Tracking must be enabled.

Scenario: Monitoring Threats to the Network

Some users have high Threat Scores. The Threats console can be used to view all threats and discover why such high scores are being shown:

  1. Go to FortiView > Threats. In the graph display, click and drag across the peak that represents the spike in threat score.
  2. Sort the threats by score or level by selecting the Threat Score (Blocked/Allowed or the Threat Level headers respectively.
  3. You see that a specific threat's Threat Level is at Critical. Drill down into the threat by double-clicking or right-clicking and select Drill down to details.
  4. From this summary page, you can view the source IPs and the number of sessions that came from this threat. Double-click on one of them.
  5. The following page shows a variety of statistics, including Reference. The URL next to it will link you to a FortiGuard page where it will display the description, affected products, and recommended actions, if you are not familiar with the particular threat.

    note icon

    Only FortiGate models 100D and above support the 24 hour historical data.

Threats

The Threats console lists the top users involved in incidents, as well as information on the top threats to your network.

The following incidents are considered threats:

  • Risk applications detected by application control
  • Intrusion incidents detected by IPS
  • Malicious web sites detected by web filtering
  • Malware/botnets detected by antivirus

This console can be filtered by Country, Destination Interface, Policy, Result, Security Action, Source Interface, Threat, and Threat Type. For more on filters, see Filtering options.

note icon

In order for information to appear in the Threats console, Threat Weight Tracking must be enabled.

Scenario: Monitoring Threats to the Network

Some users have high Threat Scores. The Threats console can be used to view all threats and discover why such high scores are being shown:

  1. Go to FortiView > Threats. In the graph display, click and drag across the peak that represents the spike in threat score.
  2. Sort the threats by score or level by selecting the Threat Score (Blocked/Allowed or the Threat Level headers respectively.
  3. You see that a specific threat's Threat Level is at Critical. Drill down into the threat by double-clicking or right-clicking and select Drill down to details.
  4. From this summary page, you can view the source IPs and the number of sessions that came from this threat. Double-click on one of them.
  5. The following page shows a variety of statistics, including Reference. The URL next to it will link you to a FortiGuard page where it will display the description, affected products, and recommended actions, if you are not familiar with the particular threat.

    note icon

    Only FortiGate models 100D and above support the 24 hour historical data.