Threats
The Threats console lists the top users involved in incidents, as well as information on the top threats to your network.
The following incidents are considered threats:
- Risk applications detected by application control
- Intrusion incidents detected by IPS
- Malicious web sites detected by web filtering
- Malware/botnets detected by antivirus
This console can be filtered by Country, Destination Interface, Policy, Result, Security Action, Source Interface, Threat, and Threat Type. For more on filters, see Filtering options.
In order for information to appear in the Threats console, Threat Weight Tracking must be enabled.
Scenario: Monitoring Threats to the Network
Some users have high Threat Scores. The Threats console can be used to view all threats and discover why such high scores are being shown:
1. Go to FortiView > Threats. In the graph display, click and drag across the peak that represents the spike in threat score.
2. Sort the threats by score or level by selecting the Threat Score (Blocked/Allowed or the Threat Level headers respectively.
3. You see that a specific threat’s Threat Level is at Critical. Drill down into the threat by double-clicking or right- clicking and select Drill down to details.
4. From this summary page, you can view the source IPs and the number of sessions that came from this threat.
Double-click on one of them.
5. The following page shows a variety of statistics, including Reference. The URL next to it will link you to a FortiGuard page where it will display the description, affected products, and recommended actions, if you are not familiar with the particular threat.
Only FortiGate models 100D and above support the 24 hour historical data.