Fortinet 5.0 Patch 6

Fortinet 603 FortiWeb 5.0 Patch 6 Administration Guide

interval through the time span that you have selected in either Time Range or your custom

data filter.

For example, if Type is Attack and Category is Host, the panel displays the 10 domains that

received the most attack attempts. Let’s say that a trend of attacking www.example.com is

consistent over time. (You could confirm this suspicion in the Time Trend Panel.) This could

represent either an advanced persistent threat (APT) — an attacker that is an adversary of

that specific organization, and likely to continue and attempt more evolved threats until she

or he discovers a viable exploit — or it could simply be an attack attempt because

security-wise, that specific web server is an easy target. Attacks on weak hosts might be

discouraged by applying patches, cloaking the web server, configuring sever protection

rules on FortiWeb to mitigate the host’s weaknesses, etc. An APT however, indicates a

collectively greater risk than a lone attack attempt against a weak host, and will likely

continue regardless of increasing attack difficulty. If you determine that the attacker(s) is an

APT, you might decide to devote more resources to protecting that web server, including a

full web application source code and security practice audit, as well as configuring

anti-defacement.

Both cross-sections have common controls:

• Click Refresh to re-populate the graphs with the most recent data. (The web UI displays data

current at the time of the most recent refresh or page load. It does not continuously update.)

• Click Generate PDF to download a PDF copy of the current statistics.

• Select either:

•Pre-defined — Choose a time span from the Time Range drop-down list to view its

statistics.

•Custom-defined — Define the domain name (Host:), URL, policy name, and/or time

span to include matching statistics. For details, see “Filtering the data analytics report”.