FortiView
The default FortiView page is the summary view, which uses widgets to show a general overview of what is happening with your device. You can add new widgets by selecting Add Widget.
Each widget is a customizable box, showing certain information about the device. You can do the following with widgets:
- Click a widget title and drag it to move it around.
- Delete a widget by selecting the X icon.
- Set the refresh rate of widgets by selecting the dropdown list beside the refresh icon.
The following lists all widget types, grouped according to function:
Threats
Widget | Description | Feature required to be enabled on device |
Top Threats | Displays which threats trigger the most detection events on the network. | At least one of the following: IPS, AV, AntiSpam, DLP, or Anomaly Detection. |
Top Spam | Displays which sources send the most spam email into the network. | AntiSpam |
Top Viruses | Counts the viruses that the device’s AV most frequently finds. | AV |
Top Applications by Threat Score | Compares which applications have the most traffic compared to their threat score, based on the device’s Application Control settings. | Application Control |
Top Attacks | Counts the attacks that the device’s IPS most frequently prevents. | IPS |
Top DLP By Rules | Counts the DLP events that the device detects, sorted by DLP rule. | DLP |
Traffic Analysis
Widget | Description | Feature required to be enabled on device |
Top Applications | Compares which applications are most frequently used, based on the device’s Application Control settings. | Application Control |
Top Application Categories | Compares which application categories are most frequently used, based on the device’s Application Control settings. | Application Control |
Top Sources | Displays which sources have the most traffic from or to the device. | |
Top Destinations | Displays which destinations have the most traffic from or to the device. | |
Top Protocols | Compares the traffic volume that has passed through a certain interface, based on which protocol it uses (HTTP, HTTPS, DNS, TCP, UDP, other). | |
Top Countries | Displays which countries have the most traffic from or to the device. | |
Traffic History | Displays volume of incoming and outgoing traffic over time. | |
Websites
Widget | Description | Feature required to be enabled on device |
Top Websites | Compares which websites are most frequently visited. You can click a category to see which websites in that category are being visited. | Web Filtering |
Top Web Categories | Compares which web filtering categories are most frequently used, based on the device’s Web Filtering settings. | Web Filtering |
Top Users/IP by Browsing Time in Seconds | Compares which users visit which IP addresses most frequently in the greatest ratio. You can click a user to see which IP addresses they visit. | Web Filtering |
FortiView offers log information, reformatted into easily navigable charts, in a style similar to FortiView in FortiOS.
You can select a time period to view data for:
- Last 60 minutes
- Last 24 hours
- Last 7 days
- Last 30 days
- Specified time period
You can set the chart’s refresh rate by clicking the Refresh icon. By using the Add Filter dropdown list, you can filter the chart by various factors. Individual chart entries may also allow you to filter by that entry’s data by selecting a filter icon on the right, or drill down to see all related log data, such as all log data through that interface.
FortiView charts reference
The following provides descriptions of all FortiView charts.
User Dashboard
The User Dashboard displays the number of users/entities that fit into the following security categories:
- Visited high risk websites
- Infected by malware
- Targeted by malware
- Targeted by spam
- Violated data leak rules
- Used high-risk applications
- Targeted by attacks
- Attacked by protocol intrusion
You can click each category to view the list of users/entities affected. You can drill down further to view the list of incidents for each user/entity and the logs for each incident.
FSBP Dashboard
The FSBP Dashboard displays security rating results for the device, in the following categories:
- Overall Score
- Maturity Milestones
- Top Achievement
- Top Todo
- History Trend
The FSBP Dashboard is only available for devices that support the Security Rating feature.
Threats
Chart | Description |
Top Threats | Lists the top threats to your network. The following incidents are considered threats: risk applications detected by application control; intrusion incidents detected by IPS; malicious web sites detected by web filtering; malware/botnets detected by antivirus. |
IPS | Lists intrusion incidents detected by IPS. |
AntiVirus | Lists the malware/botnets detected by AV. |
AntiSpam | Lists the spam detected by AntiSpam. |
DLP & Archives | Lists the DLP and archives incidents. |
Anomaly | Lists network anomalies. |
Traffic Analysis
Chart | Description |
Application | Displays the top applications used on the network including the application name, category, bandwidth (sent/received), sessions, and risk level. |
Cloud Application | Displays the top cloud applications used on the network. |
Source | Displays the highest network traffic by source IP address and name, bandwidth (sent/received), sessions, and risk level. |
User | Displays the highest network traffic by user in terms of bandwidth sent/received, sessions, and risk level. |
Destination | Displays the highest network traffic by destination IP addresses, the applications used to access the destination, bandwidth sent/received, sessions, and risk level. |
Interface | Displays the highest network traffic by interface in terms of bandwidth sent/received, traffic sessions, and risk level. You can view by source or destination interface. |
Country | Displays the highest network traffic by country in terms of bandwidth sent/received, traffic sessions, and risk level. You can view by source or destination country. |
Policy Hits | Lists the policy hits by policy, device name, VDOM, number of hits, bytes, and last used time and date. |
Website
Chart | Description |
Website | Displays the top allowed and blocked website domains on the network. You can also view by source. You can filter by threat level. |
Web Category | Displays the top website categories. You can filter by threat level. |
Browsing User/IP | Displays the top web-browsing users and their IP addresses by total browsing time duration. You can also view by category or domain. You can filter by threat level. |
System Events
Chart | Description |
System Activity | Displays events on the managed devices, their severity, and number of incidents. You can filter by user or severity level. |
Admin Session | Displays the users who logged into managed devices, the number of configuration changes they performed, number of admin sessions, and their total duration of logged-in time. You can also view by login interface. You can filter by severity level. |
Failed Login | Displays the users who failed to log into managed devices. You can also view by login interface. You can filter by severity level. |
Wireless | Displays wireless events. You can filter by severity level. |
VPN Events
Chart | Description |
Site to Site | Displays the names of VPN tunnels with IPsec that are accessing the network. |
SSL and Dialup | Displays the users who are accessing the network by using an SSL or IPsec VPN tunnel. |
Failed VPN Login | Displays the users who failed to log in successfully via VPN. |