The Endpoint Vulnerability console lists the top devices and vulnerabilities detected, organized either by frequency or risk level.
This console can be filtered by Vulnerabilty Name, Severity, Vulnerability Category, CVE-ID, or Host Count. For more on filters, see Filtering options.
The Vulnerabilities detected by the FortiGate use definitions created by FortiGuard, and every vulnerability in FortiView contains a link to the respective FortiGuard Labs documentation page (under the 'Vulnerability ID' column) and the Common Vulnerabilities and Exposures documentation page (under the 'CVE-ID' column.)
Scenario: Monitoring Vulnerabilities on the Network
When a vulnerability appears in log data, you can use the FortiView page to see more information about it. The Endpoint Vulnerability console can be used to view and track all historical vulnerabilities:
- Go to FortiView > Endpoint Vulnerability. In the upper right, select Vulnerability.
- Sort the threats by frequency by selecting the Host Count header.
- You see that a frequent vulnerability's Severity is at Critical. Drill down into the threat by double-clicking or right-clicking and select Drill down to details.
- From this summary page, you can view the source IPs and devices on which this vulnerability was detected, and also the Scan Time. Double-click on one of them.
- The chart will be filtered to display the specific Endpoint and Vulnerability, offering more granular data about the vulnerability, including its Category and the FortiClient ID of the device. You can access the CVE and FortiGuard links from this page to learn more.
|Only FortiGate models 100D and above support the 24 hour historical data.|