FortiWeb

Version: FortiWeb version 5.0-6.0

Netsurion's Open XDR platform for FortiWeb captures important and critical activities in FortiWeb. Monitoring these activities is critical from a security aspect and necessary for compliance and operational reasons. Below are few use cases that can be used.

  • Monitor the actions performed by the admin users like user accounts activated or deactivated, and access level changes. You can also monitor if there are any policy changes.
  • Threats and attacks identified across multiple machines on same subnet/ different subnet.
  • Multiple sources accessing the same threat url.
  • Multiple types of AV malware infection identified from same host.
  • Multiple re-occurrence of same Infection identified from same machine.
  • Multiple re-occurrence of unique attack identified from same machine.
  • Web traffic from infected host to blacklist domain/IP.
  • Clients trying to access undesired sites/URL and the frequency of such activity.
  • Tracks user activities such as top accessed domains, top url categories etc. This will provide you with a valuable statistical information and usage analysis about the clients.
  • Various categories in WAF makes it easy for categorizing malicious, phishing, C&C, high entropy and random worded domains.

Once FortiWeb is configured to deliver events to Netsurion Manager; alerts, dashboards and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below. 

Alerts

Type Name Description
Security FortiWeb - Attack detected This alert is generated when any attack is detected.
Compliance FortiWeb - Admin login failure This alert is generated when any user logon failure is happened.

Reports

Type Name Description
Security FortiWeb - Attack detection This report gives information about all the attacks that are detected by FortiWeb.
Operations FortiWeb - System activities This report gives information about all the system activities that are performed.
Operations FortiWeb - Admin activities This report gives information about all the activities that are performed by the admins.
Operations FortiWeb - Traffic details This report gives information about all the web traffic flow that is observed by FortiWeb.
Compliance FortiWeb - Admin login and logout This report gives information about all the admin login and logout activities.
Compliance FortiWeb - Admin login failures This report gives the information about all the admin logon failures that are done.

Documentation

The configuration details are consistent with Netsurion version 8.x and later, and FortiWeb version 5.0-6.0.

Download FortiWeb Integration Guide for more information.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept