Technical Tip: How to fetch Malicious Threat logs in FortiGate firewall.
Description
This article describes how to fetch malicious threat logs in the FortiGate firewall.
Scope
FortiGate.
Solution
FortiGate uses advanced threat protection (ATP) to protect organizations from cyberattacks and malware that aim to corrupt or steal sensitive data.
Step 1: Enable ATP widget.
Enable the ATP widget in the GUI to see the real-time logs.
Go to Dashboard -> Status -> Add widget -> ATP.

Step 2:
Once the widget is enabled, test it by uploading or sending a malicious file from a PC behind the FortiGate firewall.

While the upload is in progress, the FortiGate firewall scans the file in real time. If the file is malicious, the FortiGate firewall blocks the transfer and the counter in the ATP widget is incremented, as shown above.
These logs can be viewed under Log & Report -> Security Events -> Antivirus.
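The widget only shows a count; when the antivirus logs are exported (syslog, FortiAnalyzer, or a log download) an analyst usually wants the same count broken down by signature and source host. The following is an added example, not Fortinet code: a small parser for FortiGate key="value" log lines that keeps only `subtype="virus"` events with `action="blocked"`, the events the ATP widget counts. The sample lines, log IDs and addresses are constructed, and the exact field set of real antivirus logs varies by FortiOS version.

```python
import re
from collections import Counter

# Constructed sample lines in the FortiGate key="value" syslog style (not real device output).
# Field names follow FortiOS antivirus (type="utm" subtype="virus") logs; logid values are placeholders.
SAMPLE_LOGS = """\
date=2024-03-01 time=10:15:02 logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" vd="root" srcip=10.1.1.25 dstip=203.0.113.10 service="HTTP" filename="eicar.com" virus="EICAR_TEST_FILE" action="blocked" msg="File is infected."
date=2024-03-01 time=10:15:40 logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" vd="root" srcip=10.1.1.25 dstip=203.0.113.10 service="HTTP" filename="eicar.com" virus="EICAR_TEST_FILE" action="blocked" msg="File is infected."
date=2024-03-01 time=10:16:11 logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" vd="root" srcip=10.1.1.40 dstip=198.51.100.7 service="SMTP" filename="invoice.xls" virus="W32/Dropper.SAMPLE!tr" action="blocked" msg="File is infected."
date=2024-03-01 time=10:17:00 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.1.1.25 dstip=203.0.113.10 action="accept" msg="Normal traffic"
date=2024-03-01 time=10:18:30 logid="0211008193" type="utm" subtype="virus" eventtype="infected" level="warning" vd="root" srcip=10.1.1.52 dstip=203.0.113.10 service="HTTPS" filename="tool.exe" virus="Riskware/Sample" action="monitored" msg="File is infected."
"""

# A field is key=value; the value is either a double-quoted string (may contain spaces
# and '=') or a bare token such as an IP address or port.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_log_line(line):
    """Parse one FortiGate key=value log line into a dict, stripping the quotes."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def blocked_virus_events(raw_logs):
    """Return only antivirus events where the FortiGate actually blocked the file."""
    events = []
    for line in raw_logs.splitlines():
        if not line.strip():
            continue
        rec = parse_log_line(line)
        # Traffic logs and AV events that were merely monitored are not counted.
        if rec.get("type") == "utm" and rec.get("subtype") == "virus" and rec.get("action") == "blocked":
            events.append(rec)
    return events


def summarize(events):
    """Break the ATP-style block count down by virus signature and by source host."""
    return {
        "total_blocked": len(events),
        "by_virus": Counter(e.get("virus", "?") for e in events),
        "by_srcip": Counter(e.get("srcip", "?") for e in events),
    }


if __name__ == "__main__":
    print(summarize(blocked_virus_events(SAMPLE_LOGS)))
```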

