FortiWeb

Version: FortiWeb version 5.0-6.0

Netsurion Open XDR for FortiWeb captures important and critical activities in FortiWeb. Monitoring these activities is critical from a security perspective and necessary for compliance and operational reasons. Below are a few use cases.

  • Monitor the actions performed by admin users, such as user account activation or deactivation and access level changes. You can also monitor policy changes.
  • Threats and attacks identified across multiple machines on the same subnet or on different subnets.
  • Multiple sources accessing the same threat URL.
  • Multiple types of AV malware infection identified from the same host.
  • Multiple recurrences of the same infection identified from the same machine.
  • Multiple recurrences of a unique attack identified from the same machine.
  • Web traffic from an infected host to a blacklisted domain/IP.
  • Clients trying to access undesired sites/URLs and the frequency of such activity.
  • Tracks user activities such as top accessed domains, top URL categories, etc. This provides valuable statistical information and usage analysis about the clients.
  • Various categories in the WAF make it easy to categorize malicious, phishing, C&C, high-entropy and random-worded domains.

Once FortiWeb is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.

The following key Data Source Integrations are available in Netsurion Open XDR.

Alerts

Type | Name | Description
Security | FortiWeb – Attack detected | This alert is generated when any attack is detected.
Compliance | FortiWeb – Admin login failure | This alert is generated when any user logon failure occurs.

Reports

Type | Name | Description
Security | FortiWeb – Attack detection | This report gives information about all the attacks that are detected by FortiWeb.
Operations | FortiWeb – System activities | This report gives information about all the system activities that are performed.
Operations | FortiWeb – Admin activities | This report gives information about all the activities that are performed by the admins.
Operations | FortiWeb – Traffic details | This report gives information about all the web traffic flow that is observed by FortiWeb.
Compliance | FortiWeb – Admin login and logout | This report gives information about all the admin login and logout activities.
Compliance | FortiWeb – Admin login failures | This report gives information about all the admin logon failures that occurred.

Documentation

The configuration details are consistent with Netsurion Open XDR 8.x and later, and FortiWeb.

Download the FortiWeb Integration Guide for configuration instructions and more information.