FortiWeb Overview

Applies To: FortiWeb version 5.0-6.0

Overview

The EventTracker knowledge pack for FortiWeb captures important and critical activities in FortiWeb. Monitoring these activities is critical from a security standpoint and necessary for compliance and operational reasons. Below are a few use cases.

FortiWeb Use Cases

- Monitor the actions performed by admin users, such as user accounts being activated or deactivated and access level changes. You can also monitor whether any policy changes occur.
- Threats and attacks identified across multiple machines on the same subnet or on different subnets.
- Multiple sources accessing the same threat URL.
- Multiple types of AV malware infection identified from the same host.
- Multiple recurrences of the same infection identified from the same machine.
- Multiple recurrences of a unique attack identified from the same machine.
- Web traffic from an infected host to a blacklisted domain or IP.
- Clients trying to access undesired sites or URLs, and the frequency of such activity.
- Tracking of user activities such as top accessed domains, top URL categories, etc. This provides valuable statistical information and usage analysis about the clients.
- The various categories in the WAF make it easy to categorize malicious, phishing, C&C, high-entropy and random-worded domains.

Once FortiWeb is configured to forward events to EventTracker Manager, alerts, dashboards and reports can be configured in EventTracker. Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer to the Integration Guide.

Security

Alerts
- FortiWeb-Attack detected: This alert is generated when any attack is detected.

Reports
- FortiWeb-Attack detection: This report gives information about all the attacks detected by FortiWeb.

Operation

Reports
- FortiWeb- System activities: This report gives information about all the system activities that are performed.
- FortiWeb- Admin activities: This report gives information about all the activities performed by the admins.
- FortiWeb- Traffic details: This report gives information about all the web traffic flow observed by FortiWeb.

Compliance

Alerts
- FortiWeb: Admin login failure: This alert is generated whenever an admin logon failure occurs.

Reports
- FortiWeb- Admin login and logout: This report gives information about all admin login and logout activities.
- FortiWeb- Admin login failures: This report gives information about all admin logon failures.

Scope

The configurations detailed in this guide are consistent with EventTracker version 8.x and later, and FortiWeb version 5.0-6.0.

Documentation

For more information, please refer to the FortiWeb Integration Guide.
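As an added illustration (not part of the knowledge pack or of Fortinet's documentation), the following Python sketch shows the kind of correlation behind two of the use cases above: the same attack recurring from the same machine, and admin logon failures. The key=value field names (type, subtype, src, main_type, user, action, status) and the sample log lines are constructed for this example and are assumptions, not values taken from this page.

```python
import re
from collections import Counter

# Constructed sample lines in a key=value syslog style; the field names are
# assumed for illustration and are not taken from the page or from Fortinet.
SAMPLE_LOGS = [
    'type=attack subtype="waf_signature_detection" src=10.1.1.5 main_type="SQL Injection" action="Alert"',
    'type=attack subtype="waf_signature_detection" src=10.1.1.5 main_type="SQL Injection" action="Alert"',
    'type=attack subtype="waf_signature_detection" src=10.1.1.5 main_type="SQL Injection" action="Alert"',
    'type=attack subtype="waf_signature_detection" src=10.1.1.9 main_type="Cross Site Scripting" action="Alert"',
    'type=event subtype="admin" user="admin" action="login" status="failure" src=192.168.1.20',
    'type=event subtype="admin" user="admin" action="login" status="success" src=192.168.1.20',
    'type=event subtype="admin" user="ops" action="login" status="failure" src=192.168.1.21',
]

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def repeated_attacks(events, threshold=3):
    """Use case: the same attack type recurring from the same source host.

    Returns {(src, main_type): count} for pairs seen at least `threshold` times.
    """
    counts = Counter((e["src"], e["main_type"])
                     for e in events if e.get("type") == "attack")
    return {key: n for key, n in counts.items() if n >= threshold}


def admin_login_failures(events):
    """Use case: admin logon failures, counted per account."""
    counts = Counter(e["user"] for e in events
                     if e.get("type") == "event" and e.get("subtype") == "admin"
                     and e.get("action") == "login" and e.get("status") == "failure")
    return dict(counts)


if __name__ == "__main__":
    parsed = [parse_kv(line) for line in SAMPLE_LOGS]
    print("repeated attacks:", repeated_attacks(parsed))
    print("admin login failures:", admin_login_failures(parsed))
```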