Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.2.6 Handbook
    7.2.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Scan Integration

    Scan Integration

    FortiADC generates a WAF profile based on the results of the scan report. For example, if the scan report detects an SQL injection vulnerability, a WAF profile containing SQL/XSS Injection Detection settings will be generated and attached to the VIP to protect servers behind VS.

    The Automatic Policy contains the automatically generated WAF profile and specify the actions to be taken on the attacks. It is displayed on Scan Integration page.

    You can also manually generate an Automatic Policy by importing a scan report . FortiADC supports scan reports from the following products:

    • Acunetix
    • IBM AppScan Standard
    • WhiteHat
    • HP WebInspect
    • Qualys
    • Telefonica FAAST
    • ImmuniWeb
    • FortiWeb
    • FortiADC
    To import a scan report:
    1. Go to Web Application Firewall > Web Vulnerability Scanner > Scan Integration.
    2. Click Scanner File Import.
    3. Configure the following settings.
      Scanner TypeSelect the type of scanner report you want to import.
      • Acunetix
      • IBM AppScan Standard
      • WhiteHat
      • HP WebInspect
      • Qualys
      • Telefonica FAAST
      • ImmuniWeb
      • FortiWeb Scanner
      • FortiADC Scanner
      Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.
      Upload FileUpload the scanner report file.
      Generate Policies Automatically

      This is by default enabled.

      If disabled, FortiADC will not generate an Automatic Policy the next time it runs Web Vulnerability Scan.

      Merge the Report to Existing Profile

      If disabled, FortiADC generates a new WAF profile based on the scan results.

      If enabled, the WAF settings based on the scan results will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.

      Profile NameEnter a name for the newly generated WAF profile, and select an existing WAF profile.
      Action - HighSelect the action that FortiADC will take if High severity attacks are detected.
      Action - MediumSelect the action that FortiADC will take if Medium severity attacks are detected.
      Action - LowSelect the action that FortiADC will take if Low severity attacks are detected.
    4. Click Save.
    WhiteHat Sentinel scanner report requirements

    To allow (Undefined variable: FortiWebVariables.FortiWeb) to generate rules using a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

    You can upload a WhiteHat Sentinel scanner report using either a report file you have downloaded manually or directly import the file from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

    To retrieve the WhiteHat API key and application name
    1. Go to the following location and log in:

      2. https://source.whitehatsec.com/summary.html#dashboard

    2. In the top right corner, click My Profile.
    3. Click View My API Key and enter your password.

      4. Your API key is displayed. For example:

    4. To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

    Telefónica FAAST scanner report requirements

    You can upload a Telefónica FAAST scanner report using either a report file you have downloaded manually or directly import the file from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.

    To apply for a Telefónica FAAST API key
    1. Go to the following location and log in:

      2. https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs

    2. In the session : Authentication page, please select POST > api/session for the method, and fill in the blanks for username and password. Then click Try it out.

    3. The API key will be gave in the Response Body if the username and password are authorized.

    HP WebInspect scanner report requirements

    To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.

    Previous
    Next

    Scan Integration

    Scan Integration

    FortiADC generates a WAF profile based on the results of the scan report. For example, if the scan report detects an SQL injection vulnerability, a WAF profile containing SQL/XSS Injection Detection settings will be generated and attached to the VIP to protect servers behind VS.

    The Automatic Policy contains the automatically generated WAF profile and specify the actions to be taken on the attacks. It is displayed on Scan Integration page.

    You can also manually generate an Automatic Policy by importing a scan report . FortiADC supports scan reports from the following products:

    • Acunetix
    • IBM AppScan Standard
    • WhiteHat
    • HP WebInspect
    • Qualys
    • Telefonica FAAST
    • ImmuniWeb
    • FortiWeb
    • FortiADC
    To import a scan report:
    1. Go to Web Application Firewall > Web Vulnerability Scanner > Scan Integration.
    2. Click Scanner File Import.
    3. Configure the following settings.
      Scanner TypeSelect the type of scanner report you want to import.
      • Acunetix
      • IBM AppScan Standard
      • WhiteHat
      • HP WebInspect
      • Qualys
      • Telefonica FAAST
      • ImmuniWeb
      • FortiWeb Scanner
      • FortiADC Scanner
      Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.
      Upload FileUpload the scanner report file.
      Generate Policies Automatically

      This is by default enabled.

      If disabled, FortiADC will not generate an Automatic Policy the next time it runs Web Vulnerability Scan.

      Merge the Report to Existing Profile

      If disabled, FortiADC generates a new WAF profile based on the scan results.

      If enabled, the WAF settings based on the scan results will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.

      Profile NameEnter a name for the newly generated WAF profile, and select an existing WAF profile.
      Action - HighSelect the action that FortiADC will take if High severity attacks are detected.
      Action - MediumSelect the action that FortiADC will take if Medium severity attacks are detected.
      Action - LowSelect the action that FortiADC will take if Low severity attacks are detected.
    4. Click Save.
    WhiteHat Sentinel scanner report requirements

    To allow (Undefined variable: FortiWebVariables.FortiWeb) to generate rules using a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

    You can upload a WhiteHat Sentinel scanner report using either a report file you have downloaded manually or directly import the file from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

    To retrieve the WhiteHat API key and application name
    1. Go to the following location and log in:

      2. https://source.whitehatsec.com/summary.html#dashboard

    2. In the top right corner, click My Profile.
    3. Click View My API Key and enter your password.

      4. Your API key is displayed. For example:

    4. To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

    Telefónica FAAST scanner report requirements

    You can upload a Telefónica FAAST scanner report using either a report file you have downloaded manually or directly import the file from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.

    To apply for a Telefónica FAAST API key
    1. Go to the following location and log in:

      2. https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs

    2. In the session : Authentication page, please select POST > api/session for the method, and fill in the blanks for username and password. Then click Try it out.

    3. The API key will be gave in the Response Body if the username and password are authorized.

    HP WebInspect scanner report requirements

    To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.

    Previous
    Next