Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
mtse
Staff
Staff

Created on ‎06-11-2023 09:24 PM Edited on ‎03-17-2025 01:35 AM By Moderator

Article Id 259823

Technical Tip: FortiWeb traffic log is still available for traffic which has been added in signature exception

Description

This article describes that in FortiWeb after an exception is added in a signature for a false positive trigger, there will be no more attack log for the false positive trigger of the signature.

If it is still desired to keep track of the traffic that has been exempted, it can still be recorded in the traffic log.
Scope FortiWeb.
Solution

For example, originally there was a false positive trigger of the signature 040000137.

 

log-attack(before_exception).PNG

 

Then exception was added for client IP 30.30.30.10 in the signature.

 

sig_exception.PNG

 

After that, there was no more attack log found for this signature for the client 30.30.30.10, but the traffic log still existed (if the traffic log had been enabled).

 

log-traffic.PNG

 

Related documents:

Configuring action overrides or exceptions to data leak & attack detection signatures

How to check traffic logs in FortiWeb
Labels:
524
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.