Hi All,
We're running a FAZ 5.4.3 getting logs from a couple FortiGates (5.4.5). This seems to work well, but one thing I've never got to work is the Threat Map. It's always blank (except for showing the couple FortiGates). Before hooking the FGT's up to the FAZ the FortiView Threat Map on each FGT worked just fine.
Anybody got the FAZ 5.4.3 Threat Map working? Any suggestions on what to check?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Ah, good point. I'll leave the FAZ threat map and logs up to verify if log entries that match appropriate threats show on the threat map before I dig deeper.
I guess you could setup an Event Handler to match the types of logs you'd expect to show up in the threat map.
Not sure whether the alerts would arrive in time or not -- syslog or SNMP trap would be better than e-mail OR just displaying the event listing page on the FAZ.
I just downloaded some of the EICAR test files, and, voila, they showed up on the threat map! So I've just been missing them due to the threat map being realtime.
BTW, part of why I didn't figure this out earlier is that the list of threats shown at the bottom of the map doesn't show *any* threats that have happened previous to opening the map page. I would think it would contain the list of previously logged threats. You can test this by having the map up, downloading an EICAR test file, then switching to the FAZ to Top Threats and back to the Threat Map. The list will be empty.
Thanks for your help with this.
chall wrote:Hi All, sorry I jumping in to this thread...The most common problem is that the coordinates (longtitude & latitude) are not set for the FortiGates. At the moment, this needs to manually be configured on either FortiGate (CLI) or FortiAnalyzer (in Device Manager). We are working on a way for that information to be learned and populated automatically in a future release.
My silly question is: Is Fortigate with fortios 5.2 supported in threat map?
really thanks in advanced for your response
best regards
Samuel Red
I don't think threat map functionality has any dependencies on FortiOS version -- i.e., it should be supported.
However, I don't think FortiOS 5.2 lets you set the coordinates on the FortiGate end, so you would have to configure this on the FortiAnalyzer end.
To set coordinates on the FortiGate end (FortiOS 5.4 & 5.6) config system global set gui-device-latitude {string} Add the latitude of the location of this FortiGate to position it on the Threat Map. size[19] set gui-device-longitude {string} Add the longitude of the location of this FortiGate to position it on the Threat Map. size[19]
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.