Version: FortiWeb version 5.0-6.0
Netsurion Open XDR for FortiWeb captures important and critical activities in FortiWeb. Monitoring these activities is critical from a security standpoint and necessary for compliance and operational reasons. Below are a few use cases.
- Monitor the actions performed by admin users, such as user accounts activated or deactivated and access level changes. You can also monitor any policy changes.
- Threats and attacks identified across multiple machines on the same subnet or on different subnets.
- Multiple sources accessing the same threat URL.
- Multiple types of AV malware infection identified from the same host.
- Multiple recurrences of the same infection identified from the same machine.
- Multiple recurrences of a unique attack identified from the same machine.
- Web traffic from an infected host to a blacklisted domain/IP.
- Clients trying to access undesired sites/URLs and the frequency of such activity.
- Track user activities such as top accessed domains, top URL categories, etc. This provides valuable statistical information and usage analysis about the clients.
- The various categories in the WAF make it easy to categorize malicious, phishing, C&C, high-entropy, and random-worded domains.
Once FortiWeb is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
| Security | FortiWeb – Attack detected | This alert is generated when any attack is detected. |
| Compliance | FortiWeb – Admin login failure | This alert is generated when any user logon failure occurs. |
| Security | FortiWeb – Attack detection | This report gives information about all the attacks that are detected by FortiWeb. |
| Operations | FortiWeb – System activities | This report gives information about all the system activities that are performed. |
| Operations | FortiWeb – Admin activities | This report gives information about all the activities that are performed by the admins. |
| Operations | FortiWeb – Traffic details | This report gives information about all the web traffic flow that is observed by FortiWeb. |
| Compliance | FortiWeb – Admin login and logout | This report gives information about all the admin login and logout activities. |
| Compliance | FortiWeb – Admin login failures | This report gives information about all the admin logon failures that occur. |
The configuration details are consistent with Netsurion Open XDR 8.x and later, and FortiWeb.
Download the FortiWeb Integration Guide for configuration instructions and more information.