Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
mtse
Staff
Staff

Created on ‎06-11-2023 09:24 PM

Article Id 259823

Technical Tip: FortiWeb traffic log is still available for traffic which has been added in signature exception

Description

This article describes that in FortiWeb after an exception is added in a signature for a false positive trigger of the signature, there will be no more attack log for the false positive trigger of the signature.

If it is still desired to keep track of the traffic which has been exempted, it can still be recorded in the traffic log.
Scope FortiWeb.
Solution

For example, originally there was a false positive trigger of the signature 040000137.

 

log-attack(before_exception).PNG

 

Then exception was added for client IP 30.30.30.10 in the signature.

 

sig_exception.PNG

 

After that, there was no more attack log found for this signature for the client 30.30.30.10, but the traffic log still existed (if the traffic log has been enabled).

 

log-traffic.PNG

 

Related documents:

https://docs.fortinet.com/document/fortiweb/7.0.6/administration-guide/141292/configuring-action-ove...

https://community.fortinet.com/t5/FortiWeb/Technical-Tip-How-to-enable-traffic-log-for-version-7-0-a...
320
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.