Version: FortiWeb version 5.0-6.0

Netsurion Open XDR for FortiWeb captures important and critical activities in FortiWeb. Monitoring these activities is critical from a security aspect and necessary for compliance and operational reasons. Below are a few use cases that can be used.

  • Monitor actions performed by admin users, such as user accounts being activated or deactivated and access level changes. You can also monitor policy changes.
  • Threats and attacks identified across multiple machines on the same subnet or on different subnets.
  • Multiple sources accessing the same threat URL.
  • Multiple types of AV malware infection identified from the same host.
  • Multiple recurrences of the same infection identified from the same machine.
  • Multiple recurrences of a unique attack identified from the same machine.
  • Web traffic from an infected host to a blacklisted domain/IP.
  • Clients trying to access undesired sites/URLs and the frequency of such activity.
  • Track user activities such as top accessed domains and top URL categories. This provides valuable statistical information and usage analysis about the clients.
  • Various categories in the WAF make it easy to categorize malicious, phishing, C&C, high-entropy, and random-worded domains.

Once FortiWeb is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.