The Threats console lists the top users involved in incidents, as well as information on the top threats to your network.
The following incidents are considered threats:
- Risk applications detected by application control
- Intrusion incidents detected by IPS
- Malicious web sites detected by web filtering
- Malware/botnets detected by antivirus
The console can be filtered by Destination Interface, Policy, Security Action, Source Interface, Threat, and Threat Type.
Note: In order for information to appear in the Threats console, Threat Weight Tracking must be enabled.
Scenario: Monitoring Threats to the Network
Some users have high Threat Scores. The Threats console can be used to view all threats and discover why such high scores are being shown:
- In the graph display, click and drag across the peak that represents the spike in threat score.
- Sort the threats by score or level by selecting the Threat Score (Blocked/Allowed) or the Threat Level headers, respectively.
- You see that a specific threat's Threat Level is at Critical. Drill down into the threat by double-clicking, or right-click and select Drill down to details....
- From this summary page, you can view the source IPs and the number of sessions that came from this threat. Double-click on one of them.
- The following page shows a variety of statistics, including Reference. If you are not familiar with the particular threat, the URL next to Reference links to a FortiGuard page that displays the description, affected products, and recommended actions.
Note: Only FortiGate models 100D and above support the 24-hour historical data.