Fortinet 603 FortiWeb 5.0 Patch 6 Administration Guide
interval through the time span that you have selected in either Time Range or your custom
data filter.
For example, if Type is Attack and Category is Host, the panel displays the 10 domains that
received the most attack attempts. Let’s say that a trend of attacking www.example.com is
consistent over time. (You could confirm this suspicion in the Time Trend Panel.) This could
represent either an advanced persistent threat (APT) — an attacker that is an adversary of
that specific organization, and likely to continue and attempt more evolved threats until she
or he discovers a viable exploit — or it could simply be an attack attempt because
security-wise, that specific web server is an easy target. Attacks on weak hosts might be
discouraged by applying patches, cloaking the web server, configuring sever protection
rules on FortiWeb to mitigate the host’s weaknesses, etc. An APT however, indicates a
collectively greater risk than a lone attack attempt against a weak host, and will likely
continue regardless of increasing attack difficulty. If you determine that the attacker(s) is an
APT, you might decide to devote more resources to protecting that web server, including a
full web application source code and security practice audit, as well as configuring
anti-defacement.
Both cross-sections have common controls:
• Click Refresh to re-populate the graphs with the most recent data. (The web UI displays data
current at the time of the most recent refresh or page load. It does not continuously update.)
• Click Generate PDF to download a PDF copy of the current statistics.
• Select either:
•Pre-defined — Choose a time span from the Time Range drop-down list to view its
statistics.
•Custom-defined — Define the domain name (Host:), URL, policy name, and/or time
span to include matching statistics. For details, see “Filtering the data analytics report”.
See also
•Updating data analytics definitions
•Configuring policies to gather data
•Filtering the data analytics report
•Reports
Filtering the data analytics report
By default, in Filter Type, the Pre-defined option is selected, and so the data analytics reports
include statistics based solely upon one of a few pre-defined time periods, which you can select
from Time Range.
However, you can define your own time span, as well as filter statistics based upon criteria other
than time.
To create a custom statistical filter
1. Go to Log&Report > Monitor > Data Analytics.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Log & Report category. For details, see
“Permissions” on page 47.
2. Select the view to use: Web Site View or Geographic Location View.
3. From Filter Type, select the Custom-defined option.
4. Click Filter.
A dialog appears.