FortiGate Cloud – FortiView

FortiView

The default FortiView page is the summary view, which uses widgets to show a general overview of what is happening with your device. You can add new widgets by selecting Add Widget.

Each widget is a customizable box, showing certain information about the device. You can do the following with widgets:

  • Click a widget title and drag it to move it around. l Delete a widget by selecting the X icon. l Set the refresh rate of widgets by selecting the dropdown list beside the refresh icon.

The following lists all widget types, grouped according to function:

Threats

Widget Description Feature required to be enabled on device
Top Threats Displays which threats trigger the most detection events on the network. At least one of the following: IPS,

AV, AntiSpam, DLP, or Anomaly

Detection.

Top Spam Displays which sources send the most spam email into the network. AntiSpam
Top Viruses Counts the viruses that the device’s AV most frequently finds. AV
Top Applications by Threat Score Compares which applications have the most traffic compared to their threat score, based on the device’s Application Control settings. Application Control
Top Attacks Counts the attacks that the device’s IPS most frequently prevents. IPS
Top DLP By Rules Counts the DLP events that the device detects, sorted by DLP rule. DLP

Traffic Analysis

Widget Description Feature required to be enabled on device
Top Applications Compares which applications are most frequently used, based on the device’s Application Control settings. Application Control
Top Application Categories Compares which application categories are most frequently used, based on the device’s Application Control settings. Application Control
Top Sources Displays which sources have the most traffic from or to the device.  
Top Destinations Displays which destinations have the most traffic from or to the device.  
Widget Description Feature required to be enabled on device
Top Protocols Compares the traffic volume that has passed through a certain interface, based on which protocol it uses (HTTP, HTTPS, DNS, TCP, UDP, other).  
Top Countries Displays which countries have the most traffic from or to the device.  
Traffic History Displays volume of incoming and outgoing traffic over time.  

Websites

Widget Description Feature required to be enabled on device
Top Websites Compares which websites are most frequently visited. You can click a category to see which websites in that category are being visited. Web Filtering
Top Web Categories Compares which web filtering categories are most frequently used, based on the device’s Web Filtering settings. Web Filtering
Top Users/IP by Browsing Time in Seconds Compares which users visit which IP addresses most frequently in the greatest ratio. You can click a user to see which IP addresses they visit. Web Filtering

FortiView offers log information, reformatted into easily navigable charts, in a style similar to FortiView in FortiOS.

You can select a time period to view data for:

  • Last 60 minutes l Last 24 hours l Last 7 days
  • Last 30 days l Specified time period

You can set the chart’s refresh rate by clicking the Refresh icon. By using the Add Filter dropdown list, you can filter the chart by various factors. Individual chart entries may also allow you to filter by that entry’s data by selecting a filter icon on the right, or drill down to see all related log data, such as all log data through that interface.

FortiView charts reference

The following provides descriptions of all FortiView charts.

User Dashboard

The User Dashboard displays the number of users/entities that fit into the following security categories:

l Visited high risk websites l Infected by malware l Targeted by malware l Targeted by spam l Violated data leak rules l Used high-risk applications l Targeted by attacks l Attacked by protocol intrusion

You can click each category to view the list of users/entities affected. You can drill down further to view the list of incidents for each user/entity and the logs for each incident.

FSBP Dashboard

The FSBP Dashboard displays security rating results for the device, in the following categories:

  • Overall Score l Maturity Milestones l Top Achievement
  • Top Todo
  • History Trend

The FSBP Dashboard is only available for devices that support the Security Rating feature.

Threats

Chart Description
Top Threats Lists the top threats to your network.

The following incidents are considered threats:

l Risk applications detected by application control. l Intrusion incidents detected by IPS.

Chart Description
  l  Malicious web sites detected by web filtering.

l  Malware/botnets detected by antivirus.

IPS Lists intrusion incidents detected by IPS.
AntiVirus Lists the malware/botnets detected by AV.
AntiSpam Lists the spam detected by AntiSpam.
DLP & Archives Lists the DLP and archives incidents.
Anomaly Lists network anomalies.

Traffic Analysis

Chart Description
Application Displays the top applications used on the network including the application name, category, bandwidth (sent/received), sessions, and risk level.
Cloud Application Displays the top cloud applications used on the network.
Source Displays the highest network traffic by source IP address and name, bandwidth (sent/received), sessions, and risk level.
User Displays the highest network traffic by user in terms of bandwidth sent/received, sessions, and risk level.
Destination Displays the highest network traffic by destination IP addresses, the applications used to access the destination, bandwith sent/received, sessions, and risk level.
Interface Displays the highest network traffic by interface in terms of bandwidth sent/received, traffic sessions. and risk level. You can view by source or destination interface.
Country Displays the highest network traffic by country in terms of bandwidth sent/received, traffic sessions, and risk level. You can view by source or destination country.
Policy Hits Lists the policy hits by policy, device name, VDOM, number of hits, bytes, and last used time and date.

Website

Chart Description
Website Displays the top allowed and blocked website domains on the network. You can also view by source. You can filter by threat level.
Web Category Displays the top website categories. You can filter by threat level.
Chart Description
Browsing User/IP Displays the top web-browsing users and their IP addresses by total browsing time duration. You can also view by category or domain. You can filter by threat level.

System Events

Chart Description
System Activity Displays events on the managed devices, their severity, and number of incidents. You can filter by user or severity level.
Admin Session Displays the users who logged into managed devices, the number of configuration changes they performed, number of admin sessions, and their total duration of logged-in time. You can also view by login interface. You can filter by severity level.
Failed Login Displays the users who failed to log into managed devices. You can also view by login interface. You can filter by severity level.
Wireless Displays wireless events. You can filter by severity level.

VPN Events

Chart Description
Site to Site Displays the names of VPN tunnels with IPsec that are accessing the network.
SSL and Dialup Displays the users who are accessing the network by using an SSL or IPsec VPN tunnel.
Failed VPN Login Displays the users who failed to log in successfully via VPN.
This entry was posted in Administration Guides, FortiGate, FortiGate Cloud on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.