Replay attacks in the Threat Map 7.4.2
This information is also available in the FortiAnalyzer 7.4 Administration Guide.
In FortiView > Threats > Threat Map, you can now replay threats from historical UTM logs.
The following options are available in the toolbar and map view for the Threat Map:
Option | Description |
---|---|
Timeframe | Select Realtime to display threats in the map as soon as they are received by FortiAnalyzer. Alternatively, select a timeframe to display historical UTM logs fetched from the database and replay them in order of occurrence. |
Devices | Select devices to filter the threats, if needed. |
Pause/Play | This option is only available when the timeframe is not Realtime. Click to pause or play the threat replay in the map. The ring around the play/pause button indicates the progress of the replay. |
Replay rate | This option is only available when the timeframe is not Realtime. Use the plus (+) and minus (-) buttons to increase or decrease the replay speed. The fastest replay speed is 7 and the slowest is 1. The default is 3. |
The list of threats that overlays the map view displays the following data:
- Date and time of threat
- Threat name
- Threat level
- Threat Source and Destination IPs, threat direction, and country flag if it is available
Below is an example of the Threat Map displaying threats in Realtime:
Below is an example of the Threat Map displaying a replay of threats from the last hour:
From the settings menu for the Threat Map, you can select the Source and/or Destination country of the threat. For example, see below.