Threat Map
FortiView Threat Map displays a map view of attacks based on FortiDDoS logs, including source and destination geo-locations (when identifiable) with a single day view of information.
The attacks can be from various geo-locations:
- Internal - Identified Public Source IPs from the same country geolocation as the FortiDDoS Protected IPs.
-
Identified - Identified Public Source IP from other geo-locations.
- Unknown- Spoofed or otherwise unidentifiable Source IPs
Note: Identifiable Source IPs normally make up less than 10% of DDoS attacks
To view the Threat Map:
- Go to FortiView > Threat Map.
- Select the required SPP from the top-right corner of the GUI. To view the attacks for all SPPs on Threat Map, select All.
- Choose the required date from the above parameters to view the attack details.
The graph below the map displays an overview of the aggregate drops over the selected range. You can click any specific date from this graph to view the attack details on the map.
|
Sample Threat Map