Hello!
Is there any way to easy see the total number of intrusions blocked vs the detected total?
Right now, without any breakdown we have the and the Intrusions Detected/By Types & Intrusions Blocked. The problem is that we manually have to add the Blocked up to the total in the Detected section per Intrusion. Just to make sure it´s 100% blocked vs detedted. Or we have to look @the Intrusions Monitored section to see if that is empty.
Hi there, you can create a pie chart based on below query:
log type: attack
select (case when (nullifna(attack) is not null and action in ('deny', 'blocked', 'reset', 'dropped')) then 'Blocked' when nullifna(attack) is not null then 'Detected' else 'Others' end) as status, count(*) as total_num from $log where $filter and nullifna(attack) is not null group by status
regards,
hz
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.