This article describes how to set the threat weight and how it is calculated.
FortiGate v6.0.0 onwards.
Where to define threat score:
In the threat weight configuration, the score for each level can be set as required to a value between 1 and 100. The default levels and score values are listed below.
level:
low : 5
medium : 10
high : 30
critical : 50
IPS signatures, web categories, malware, and applications are each assigned a severity that is associated with a threat weight (or score).
It is possible to view the configuration details by running the following commands:
show full-configuration log threat-weight
get log threat-weight
What are all the aspects taken into consideration for threat scores:
The threat score value that appears in FortiView is the final accumulated score, which is 'score_value_for_category * number_of_incidents'.
For example:
If a URL category has severity high, the 'high' level is set to 30 in the configuration, and the number of incidents is 200, then score value = 30 and incidents = 200, hence 30 * 200 = 6000. The threat score is calculated for both blocked and allowed traffic.
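The accumulation described above can be reproduced offline from exported logs. The following is an added example, not code from Fortinet or from the original article: it sums the per-level score for every incident per source address, using the default weights listed in this article. It assumes key=value log lines in which the threat level is carried in a crlevel field and the client in srcip; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Default level-to-score mapping listed in this article.
DEFAULT_WEIGHTS = {"low": 5, "medium": 10, "high": 30, "critical": 50}

# Constructed sample log lines (not real traffic). Assumption: key=value
# format with the threat level in crlevel and the client address in srcip.
SAMPLE_LOGS = [
    'type="utm" subtype="webfilter" srcip=10.0.0.5 action="blocked" crlevel="high"',
    'type="utm" subtype="webfilter" srcip=10.0.0.5 action="passthrough" crlevel="high"',
    'type="traffic" subtype="forward" srcip=10.0.0.9 action="timeout" crlevel="low"',
    'type="utm" subtype="ips" srcip=10.0.0.9 action="dropped" crlevel="critical"',
    'type="traffic" subtype="forward" srcip=10.0.0.7 action="accept"',  # no threat level
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}

def accumulate(lines, weights=DEFAULT_WEIGHTS):
    """Return {srcip: {"incidents": n, "score": total}} for scored lines only."""
    totals = defaultdict(lambda: {"incidents": 0, "score": 0})
    for line in lines:
        rec = parse_line(line)
        src, level = rec.get("srcip"), rec.get("crlevel")
        # Lines without a known level carry no threat weight and are skipped.
        if src is None or level not in weights:
            continue
        # Blocked and allowed incidents both count toward the total.
        totals[src]["incidents"] += 1
        totals[src]["score"] += weights[level]
    return dict(totals)

def top_sources(lines, weights=DEFAULT_WEIGHTS):
    """Sources ordered by accumulated threat score, highest first."""
    return sorted(accumulate(lines, weights).items(),
                  key=lambda item: item[1]["score"], reverse=True)

if __name__ == "__main__":
    for src, total in top_sources(SAMPLE_LOGS):
        print(f"{src}: incidents={total['incidents']} score={total['score']}")
```

Passing a different weights dictionary shows how a changed level score shifts the ranking of sources before the change is made on the device.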
It is possible to disable specific threat-weight calculations. The following is just one example; the same can be done for all the parameters visible in 'show full-configuration log threat-weight'.
config log threat-weight
set blocked-connection disable
end
This command enables/disables threat-weight calculation within logs, so it does not affect actual behavior. Check the links below:
For info on threat ID 13107:
Technical Tip: Threat 131072 is seen in logs when traffic is denied by a firewall policy
Here is an example of a failed connection threat score 5:
Copyright 2024 Fortinet, Inc. All Rights Reserved.