Threats

The Threats console lists the top users involved in incidents, as well as information on the top threats to your network.

The following incidents are considered threats:

  • Risk applications detected by application control
  • Intrusion incidents detected by IPS
  • Malicious web sites detected by web filtering
  • Malware/botnets detected by antivirus

The console can be filtered by Destination Interface, Policy, Security Action, Source Interface, Threat, and Threat Type.

In order for information to appear in the Threats console, Threat Weight Tracking must be enabled.

Scenario: Monitoring Threats to the Network

Some users have high Threat Scores. The Threats console can be used to view all threats and discover why such high scores are being shown:

  1. In the graph display, click and drag across the peak that represents the spike in threat score.
  2. Sort the threats by score or level by selecting the Threat Score (Blocked/Allowed) or Threat Level headers, respectively.
  3. You see that a specific threat's Threat Level is at Critical. Drill down into the threat by double-clicking, or right-click and select Drill down to details....
  4. From this summary page, you can view the source IPs and the number of sessions that came from this threat. Double-click on one of them.
  5. The following page shows a variety of statistics, including Reference. If you are not familiar with the particular threat, the URL next to Reference links to a FortiGuard page that displays the description, affected products, and recommended actions.

Only FortiGate models 100D and above support the 24-hour historical data.