Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiAppSec Cloud User Guide

    Threat Analytics Dashboard

    Threat Analytics Dashboard

    The default Threat Analytics Dashboard page opens when you click on Threat Analytics in the side navigation bar.

    This section covers the following:

    Filter

    You can narrow down the scope of these visualizations by specifying the desired application(s), attack types, and time frame of the attacks shown.

    To filter by application, click on All Apps to expand the list of all applications on your account.

    To filter by action, such as Monitor or Block, click on All Actions to expand list of options.

    • When you select Monitor, the widgets on this page only reflect attacks that have been logged, but not interrupted.

    • When you select Block, the widgets on this page only reflect attacks that have been stopped from reaching your application.

    To filter by time frame, select one of the three options on the right side of the page:

    • Last 24 hours

    • Last 10 days

    • Last 30 days

    Widgets

    The Threat Analytics Dashboard displays widgets that provide insights to the attack traffic detected on your applications.

    The following table highlights the information contained in each of the widgets:

    Widget

    Description

    Incidents

    Three lines that depict the number of notable incidents over the selected time frame. Each line represents a different level of severity.

    Hover over a line to see the number of incidents of the selected severity at the selected time.

    Threats

    Two lines that depict the number of threats, and the number of blocked interactions over the selected time frame.

    Hover over a line to see the number of threats or blocked interactions at the selected time.

    Top Attack Types

    Displays the pie chart distribution and percentage of most common attack types on your application.

    Top Incidents by Country

    A map displaying the geographical locations with the highest incidence of incidents.

    Top Attacked Resources

    A ranked table of applications on your platform with the highest number of threats, showing their platform and the Block/Monitor ratio for each.

    Top Incidents by Severity

    Displays the highest-severity activity on your applications.

    Top Attacks by CVE ID

    Displays the distribution and percentage of most common attacks by CVE ID.

    A CVE (Common Vulnerabilities and Exposures) is a publicly disclosed cybersecurity vulnerability or exposure that has been assigned a unique identifier, allowing it to be tracked and managed across different platforms and security systems.
    Previous
    Next

    Threat Analytics Dashboard

    Threat Analytics Dashboard

    The default Threat Analytics Dashboard page opens when you click on Threat Analytics in the side navigation bar.

    This section covers the following:

    Filter

    You can narrow down the scope of these visualizations by specifying the desired application(s), attack types, and time frame of the attacks shown.

    To filter by application, click on All Apps to expand the list of all applications on your account.

    To filter by action, such as Monitor or Block, click on All Actions to expand list of options.

    • When you select Monitor, the widgets on this page only reflect attacks that have been logged, but not interrupted.

    • When you select Block, the widgets on this page only reflect attacks that have been stopped from reaching your application.

    To filter by time frame, select one of the three options on the right side of the page:

    • Last 24 hours

    • Last 10 days

    • Last 30 days

    Widgets

    The Threat Analytics Dashboard displays widgets that provide insights to the attack traffic detected on your applications.

    The following table highlights the information contained in each of the widgets:

    Widget

    Description

    Incidents

    Three lines that depict the number of notable incidents over the selected time frame. Each line represents a different level of severity.

    Hover over a line to see the number of incidents of the selected severity at the selected time.

    Threats

    Two lines that depict the number of threats, and the number of blocked interactions over the selected time frame.

    Hover over a line to see the number of threats or blocked interactions at the selected time.

    Top Attack Types

    Displays the pie chart distribution and percentage of most common attack types on your application.

    Top Incidents by Country

    A map displaying the geographical locations with the highest incidence of incidents.

    Top Attacked Resources

    A ranked table of applications on your platform with the highest number of threats, showing their platform and the Block/Monitor ratio for each.

    Top Incidents by Severity

    Displays the highest-severity activity on your applications.

    Top Attacks by CVE ID

    Displays the distribution and percentage of most common attacks by CVE ID.

    A CVE (Common Vulnerabilities and Exposures) is a publicly disclosed cybersecurity vulnerability or exposure that has been assigned a unique identifier, allowing it to be tracked and managed across different platforms and security systems.
    Previous
    Next