Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.2.3
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    Top Attacks

    Top Attacks

    The DDoS Top Attacks dashboard gives you insight into the attacks that have been thwarted by that SPP’s or the entire system’s security posture.

    The data is filtered by:

    • Global or SPP
    • Time period of 1 hour to 1 year
    • Inbound or Outbound Drops

    Available attack reports

    Available attack reports from Global menu

    Reports

    Description

    Top ACL Attacks

    Reports drops from ACLs configured via Global Protection. These include:

    • IPv4 Blocklist
    • Domain Blocklist
    • IPv4/IPv6 IP/subnets
    • IPv4/IPv6 IP/subnet groups
    • IPv4/IPv6 Services (Protocols or Layer 4 TCP or UDP Ports)
    • IPv4/IPv6 Service Groups

    Available attack reports from SPP menu

    Reports

    Description

    Top Attacked SPPs

    Drop and Event counts by SPP

    Note: Top Attacked SPPs is shown no matter which SPP or All is selected for display.

    Top SPPs with Denied Packets

    ACL drop count by SPP

    Top Attacks

    Drop count for non ACL attacks

    Top ACL Drops

    Drop count by ACL rules

    Top Attacked Subnets (SPP Policies)

    Drop count by SPP Policy

    Note: If an SPP has more than 1000 attacked subnets, the first 1000 will be shown. All attacked subnets will be displayed in the Attack Logs.

    Top Attacked Subnets with Denied Packets

    ACL drop count by subnet ID

    Top Attacked Destinations

    Drop count by Destination IP address

    Top Attacked HTTP Servers

    Drop count by HTTP server IP address

    Top Attackers

    Drop count by Source IP address

    Top Attacked Protocols

    Drop count by protocol

    Icons in this portal link directly to the attacked Protocol graphs.

    Top Attacked TCP Ports

    Drop count by TCP port.

    Icons in this portal link directly to the attacked TCP port graphs.

    Top Attacked UDP Ports

    Drop count by UDP port

    Icons in this portal link directly to the attacked UDP Port graphs.

    Top Attacked ICMP Type Codes

    Drop count by ICMP type/code

    Icons in this portal link directly to the attacked ICMP type/code graphs.

    Top Attacked URLs

    Drop count by HTTP URL (hash index)

    Icons in this portal link directly to the attacked HTTP URL graphs.

    Top Attacked HTTP Methods

    Drop count by HTTP Method

    Icons in this portal link directly to the attacked HTTP Method graphs.

    Top Attacked HTTP Hosts

    Drop count by Host header (hash index)

    Icons in this portal link directly to the attacked HTTP Hosts graphs.

    Top Attacked HTTP User Agents

    Drop count by User-Agent header (hash index)

    Icons in this portal link directly to the attacked HTTP User Agent graphs.

    Top Attacked HTTP Referers

    Drop count by Referer header (hash index)

    Icons in this portal link directly to the attacked HTTP Referers graphs.

    Top Attacked HTTP Cookies

    Drop count by Cookie header (hash index)

    Icons in this portal links directly to the attacked HTTP Cookie graphs.

    Top Attacked DNS Servers

    Drop count by DNS server IP address

    Top Attacked DNS Anomalies

    Drop count by DNS server IP address for packets dropped by DNS anomaly rules
    To display the DDoS Top Attacks Log dashboard:

    1. Go to Dashboard > Top Attacks.

    2. Select the SPP of interest, time period, and traffic direction from the top left corner.

    3. Enable the Adjust filter for all tables option toggle if desired

    Previous
    Next

    Top Attacks

    Top Attacks

    The DDoS Top Attacks dashboard gives you insight into the attacks that have been thwarted by that SPP’s or the entire system’s security posture.

    The data is filtered by:

    • Global or SPP
    • Time period of 1 hour to 1 year
    • Inbound or Outbound Drops

    Available attack reports

    Available attack reports from Global menu

    Reports

    Description

    Top ACL Attacks

    Reports drops from ACLs configured via Global Protection. These include:

    • IPv4 Blocklist
    • Domain Blocklist
    • IPv4/IPv6 IP/subnets
    • IPv4/IPv6 IP/subnet groups
    • IPv4/IPv6 Services (Protocols or Layer 4 TCP or UDP Ports)
    • IPv4/IPv6 Service Groups

    Available attack reports from SPP menu

    Reports

    Description

    Top Attacked SPPs

    Drop and Event counts by SPP

    Note: Top Attacked SPPs is shown no matter which SPP or All is selected for display.

    Top SPPs with Denied Packets

    ACL drop count by SPP

    Top Attacks

    Drop count for non ACL attacks

    Top ACL Drops

    Drop count by ACL rules

    Top Attacked Subnets (SPP Policies)

    Drop count by SPP Policy

    Note: If an SPP has more than 1000 attacked subnets, the first 1000 will be shown. All attacked subnets will be displayed in the Attack Logs.

    Top Attacked Subnets with Denied Packets

    ACL drop count by subnet ID

    Top Attacked Destinations

    Drop count by Destination IP address

    Top Attacked HTTP Servers

    Drop count by HTTP server IP address

    Top Attackers

    Drop count by Source IP address

    Top Attacked Protocols

    Drop count by protocol

    Icons in this portal link directly to the attacked Protocol graphs.

    Top Attacked TCP Ports

    Drop count by TCP port.

    Icons in this portal link directly to the attacked TCP port graphs.

    Top Attacked UDP Ports

    Drop count by UDP port

    Icons in this portal link directly to the attacked UDP Port graphs.

    Top Attacked ICMP Type Codes

    Drop count by ICMP type/code

    Icons in this portal link directly to the attacked ICMP type/code graphs.

    Top Attacked URLs

    Drop count by HTTP URL (hash index)

    Icons in this portal link directly to the attacked HTTP URL graphs.

    Top Attacked HTTP Methods

    Drop count by HTTP Method

    Icons in this portal link directly to the attacked HTTP Method graphs.

    Top Attacked HTTP Hosts

    Drop count by Host header (hash index)

    Icons in this portal link directly to the attacked HTTP Hosts graphs.

    Top Attacked HTTP User Agents

    Drop count by User-Agent header (hash index)

    Icons in this portal link directly to the attacked HTTP User Agent graphs.

    Top Attacked HTTP Referers

    Drop count by Referer header (hash index)

    Icons in this portal link directly to the attacked HTTP Referers graphs.

    Top Attacked HTTP Cookies

    Drop count by Cookie header (hash index)

    Icons in this portal links directly to the attacked HTTP Cookie graphs.

    Top Attacked DNS Servers

    Drop count by DNS server IP address

    Top Attacked DNS Anomalies

    Drop count by DNS server IP address for packets dropped by DNS anomaly rules
    To display the DDoS Top Attacks Log dashboard:

    1. Go to Dashboard > Top Attacks.

    2. Select the SPP of interest, time period, and traffic direction from the top left corner.

    3. Enable the Adjust filter for all tables option toggle if desired

    Previous
    Next