Fortinet Document Library

CLI Reference

6.2.1

Configure threat weight settings.

  config log threat-weight
      Description: Configure threat weight settings.
      set status [enable|disable]
      config level
          Description: Score mapping for threat weight levels.
          set low {integer}
          set medium {integer}
          set high {integer}
          set critical {integer}
      end
      set blocked-connection [disable|low|...]
      set failed-connection [disable|low|...]
      set url-block-detected [disable|low|...]
      set botnet-connection-detected [disable|low|...]
      config malware
          Description: Anti-virus malware threat weight settings.
          set virus-infected [disable|low|...]
          set file-blocked [disable|low|...]
          set command-blocked [disable|low|...]
          set oversized [disable|low|...]
          set virus-scan-error [disable|low|...]
          set switch-proto [disable|low|...]
          set mimefragmented [disable|low|...]
          set virus-file-type-executable [disable|low|...]
          set virus-outbreak-prevention [disable|low|...]
          set content-disarm [disable|low|...]
          set malware-list [disable|low|...]
          set fsa-malicious [disable|low|...]
          set fsa-high-risk [disable|low|...]
          set fsa-medium-risk [disable|low|...]
      end
      config ips
          Description: IPS threat weight settings.
          set info-severity [disable|low|...]
          set low-severity [disable|low|...]
          set medium-severity [disable|low|...]
          set high-severity [disable|low|...]
          set critical-severity [disable|low|...]
      end
      config web
          Description: Web filtering threat weight settings.
          edit <id>
              set category {integer}
              set level [disable|low|...]
          next
      end
      config geolocation
          Description: Geolocation-based threat weight settings.
          edit <id>
              set country {string}
              set level [disable|low|...]
          next
      end
      config application
          Description: Application-control threat weight settings.
          edit <id>
              set category {integer}
              set level [disable|low|...]
          next
      end
  end

config log threat-weight

status: Enable/disable the threat weight feature. (Type: option; Size: -)
  enable: Enable the threat weight feature.
  disable: Disable the threat weight feature.

blocked-connection: Threat weight score for blocked connections. (Type: option; Size: -)
  disable: Disable threat weight scoring for blocked connections.
  low: Use the low level score for blocked connections.
  medium: Use the medium level score for blocked connections.
  high: Use the high level score for blocked connections.
  critical: Use the critical level score for blocked connections.

failed-connection: Threat weight score for failed connections. (Type: option; Size: -)
  disable: Disable threat weight scoring for failed connections.
  low: Use the low level score for failed connections.
  medium: Use the medium level score for failed connections.
  high: Use the high level score for failed connections.
  critical: Use the critical level score for failed connections.

url-block-detected: Threat weight score for URL blocking. (Type: option; Size: -)
  disable: Disable threat weight scoring for URL blocking.
  low: Use the low level score for URL blocking.
  medium: Use the medium level score for URL blocking.
  high: Use the high level score for URL blocking.
  critical: Use the critical level score for URL blocking.

botnet-connection-detected: Threat weight score for detected botnet connections. (Type: option; Size: -)
  disable: Disable threat weight scoring for detected botnet connections.
  low: Use the low level score for detected botnet connections.
  medium: Use the medium level score for detected botnet connections.
  high: Use the high level score for detected botnet connections.
  critical: Use the critical level score for detected botnet connections.

config level

low: Low level score value (1 - 100). (Type: integer; Minimum value: 1; Maximum value: 100)
medium: Medium level score value (1 - 100). (Type: integer; Minimum value: 1; Maximum value: 100)
high: High level score value (1 - 100). (Type: integer; Minimum value: 1; Maximum value: 100)
critical: Critical level score value (1 - 100). (Type: integer; Minimum value: 1; Maximum value: 100)

config malware

virus-infected: Threat weight score for virus (infected) detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for virus (infected) detected.
  low: Use the low level score for virus (infected) detected.
  medium: Use the medium level score for virus (infected) detected.
  high: Use the high level score for virus (infected) detected.
  critical: Use the critical level score for virus (infected) detected.

file-blocked: Threat weight score for blocked file detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for blocked file detected.
  low: Use the low level score for blocked file detected.
  medium: Use the medium level score for blocked file detected.
  high: Use the high level score for blocked file detected.
  critical: Use the critical level score for blocked file detected.

command-blocked: Threat weight score for blocked command detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for blocked command detected.
  low: Use the low level score for blocked command detected.
  medium: Use the medium level score for blocked command detected.
  high: Use the high level score for blocked command detected.
  critical: Use the critical level score for blocked command detected.

oversized: Threat weight score for oversized file detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for oversized file detected.
  low: Use the low level score for oversized file detected.
  medium: Use the medium level score for oversized file detected.
  high: Use the high level score for oversized file detected.
  critical: Use the critical level score for oversized file detected.

virus-scan-error: Threat weight score for virus (scan error) detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for virus (scan error) detected.
  low: Use the low level score for virus (scan error) detected.
  medium: Use the medium level score for virus (scan error) detected.
  high: Use the high level score for virus (scan error) detected.
  critical: Use the critical level score for virus (scan error) detected.

switch-proto: Threat weight score for switch proto detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for switch proto detected.
  low: Use the low level score for switch proto detected.
  medium: Use the medium level score for switch proto detected.
  high: Use the high level score for switch proto detected.
  critical: Use the critical level score for switch proto detected.

mimefragmented: Threat weight score for mimefragmented detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for mimefragmented detected.
  low: Use the low level score for mimefragmented detected.
  medium: Use the medium level score for mimefragmented detected.
  high: Use the high level score for mimefragmented detected.
  critical: Use the critical level score for mimefragmented detected.

virus-file-type-executable: Threat weight score for virus (filetype executable) detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for virus (filetype executable) detected.
  low: Use the low level score for virus (filetype executable) detected.
  medium: Use the medium level score for virus (filetype executable) detected.
  high: Use the high level score for virus (filetype executable) detected.
  critical: Use the critical level score for virus (filetype executable) detected.

virus-outbreak-prevention: Threat weight score for virus (outbreak prevention) event. (Type: option; Size: -)
  disable: Disable threat weight scoring for virus (outbreak prevention) event.
  low: Use the low level score for virus (outbreak prevention) event.
  medium: Use the medium level score for virus (outbreak prevention) event.
  high: Use the high level score for virus (outbreak prevention) event.
  critical: Use the critical level score for virus (outbreak prevention) event.

content-disarm: Threat weight score for virus (content disarm) detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for virus (content disarm) detected.
  low: Use the low level score for virus (content disarm) detected.
  medium: Use the medium level score for virus (content disarm) detected.
  high: Use the high level score for virus (content disarm) detected.
  critical: Use the critical level score for virus (content disarm) detected.

malware-list: Threat weight score for virus (malware list) detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for virus (malware list) detected.
  low: Use the low level score for virus (malware list) detected.
  medium: Use the medium level score for virus (malware list) detected.
  high: Use the high level score for virus (malware list) detected.
  critical: Use the critical level score for virus (malware list) detected.

fsa-malicious: Threat weight score for FortiSandbox malicious malware detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for FortiSandbox malicious malware detected.
  low: Use the low level score for FortiSandbox malicious malware detected.
  medium: Use the medium level score for FortiSandbox malicious malware detected.
  high: Use the high level score for FortiSandbox malicious malware detected.
  critical: Use the critical level score for FortiSandbox malicious malware detected.

fsa-high-risk: Threat weight score for FortiSandbox high risk malware detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for FortiSandbox high risk malware detected.
  low: Use the low level score for FortiSandbox high risk malware detected.
  medium: Use the medium level score for FortiSandbox high risk malware detected.
  high: Use the high level score for FortiSandbox high risk malware detected.
  critical: Use the critical level score for FortiSandbox high risk malware detected.

fsa-medium-risk: Threat weight score for FortiSandbox medium risk malware detected. (Type: option; Size: -)
  disable: Disable threat weight scoring for FortiSandbox medium risk malware detected.
  low: Use the low level score for FortiSandbox medium risk malware detected.
  medium: Use the medium level score for FortiSandbox medium risk malware detected.
  high: Use the high level score for FortiSandbox medium risk malware detected.
  critical: Use the critical level score for FortiSandbox medium risk malware detected.

config ips

info-severity: Threat weight score for IPS info severity events. (Type: option; Size: -)
  disable: Disable threat weight scoring for IPS info severity events.
  low: Use the low level score for IPS info severity events.
  medium: Use the medium level score for IPS info severity events.
  high: Use the high level score for IPS info severity events.
  critical: Use the critical level score for IPS info severity events.

low-severity: Threat weight score for IPS low severity events. (Type: option; Size: -)
  disable: Disable threat weight scoring for IPS low severity events.
  low: Use the low level score for IPS low severity events.
  medium: Use the medium level score for IPS low severity events.
  high: Use the high level score for IPS low severity events.
  critical: Use the critical level score for IPS low severity events.

medium-severity: Threat weight score for IPS medium severity events. (Type: option; Size: -)
  disable: Disable threat weight scoring for IPS medium severity events.
  low: Use the low level score for IPS medium severity events.
  medium: Use the medium level score for IPS medium severity events.
  high: Use the high level score for IPS medium severity events.
  critical: Use the critical level score for IPS medium severity events.

high-severity: Threat weight score for IPS high severity events. (Type: option; Size: -)
  disable: Disable threat weight scoring for IPS high severity events.
  low: Use the low level score for IPS high severity events.
  medium: Use the medium level score for IPS high severity events.
  high: Use the high level score for IPS high severity events.
  critical: Use the critical level score for IPS high severity events.

critical-severity: Threat weight score for IPS critical severity events. (Type: option; Size: -)
  disable: Disable threat weight scoring for IPS critical severity events.
  low: Use the low level score for IPS critical severity events.
  medium: Use the medium level score for IPS critical severity events.
  high: Use the high level score for IPS critical severity events.
  critical: Use the critical level score for IPS critical severity events.

config web

category: Threat weight score for web category filtering matches. (Type: integer; Minimum value: 0; Maximum value: 255)

level: Threat weight score for web category filtering matches. (Type: option; Size: -)
  disable: Disable threat weight scoring for web category filtering matches.
  low: Use the low level score for web category filtering matches.
  medium: Use the medium level score for web category filtering matches.
  high: Use the high level score for web category filtering matches.
  critical: Use the critical level score for web category filtering matches.

config geolocation

country: Country code. (Type: string; Maximum length: 2)

level: Threat weight score for Geolocation-based events. (Type: option; Size: -)
  disable: Disable threat weight scoring for Geolocation-based events.
  low: Use the low level score for Geolocation-based events.
  medium: Use the medium level score for Geolocation-based events.
  high: Use the high level score for Geolocation-based events.
  critical: Use the critical level score for Geolocation-based events.

config application

category: Application category. (Type: integer; Minimum value: 0; Maximum value: 65535)

level: Threat weight score for Application events. (Type: option; Size: -)
  disable: Disable threat weight scoring for Application events.
  low: Use the low level score for Application events.
  medium: Use the medium level score for Application events.
  high: Use the high level score for Application events.
  critical: Use the critical level score for Application events.
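
The parameter constraints listed above can be checked mechanically before a configuration is pushed to a device. The following Python linter is an added example, not part of the Fortinet reference: it reads a `config log threat-weight` block in the config/edit/set/next/end form shown in the syntax listing and reports values that fall outside the documented ranges. The names `parse`, `audit` and `SAMPLE`, the sample configuration, and the REVIEW flag for settings left at `disable` are assumptions of this example.

```python
# Added example (not Fortinet code): lint 'config log threat-weight' text.
LEVELS = {"disable", "low", "medium", "high", "critical"}
LEVEL_KEYS = {  # option-type parameters per block ("" = top level)
    "": {"blocked-connection", "failed-connection", "url-block-detected",
         "botnet-connection-detected"},
    "malware": {"virus-infected", "file-blocked", "command-blocked", "oversized",
                "virus-scan-error", "switch-proto", "mimefragmented",
                "virus-file-type-executable", "virus-outbreak-prevention",
                "content-disarm", "malware-list", "fsa-malicious",
                "fsa-high-risk", "fsa-medium-risk"},
    "ips": {"info-severity", "low-severity", "medium-severity",
            "high-severity", "critical-severity"},
}
CATEGORY_MAX = {"web": 255, "application": 65535}  # minimum is 0 for both

def parse(text):
    """Return (path, key, value) per 'set' line, tracking config/edit nesting."""
    stack, out = [], []
    for line in text.splitlines():
        tok = line.split() or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append("edit " + tok[1])
        elif tok[0] in ("next", "end"):
            if stack and stack[-1].startswith("edit "):
                stack.pop()  # close the table entry
            if tok[0] == "end" and stack:
                stack.pop()  # close the config block
        elif tok[0] == "set" and len(tok) > 2:
            out.append((tuple(stack), tok[1], " ".join(tok[2:]).strip('"')))
    return out

def in_range(value, low, high):
    return value.isdigit() and low <= int(value) <= high

def audit(text):
    """Return findings: ERROR = breaks a documented constraint, REVIEW = scoring off."""
    findings = []
    for path, key, value in parse(text):
        if path[:1] != ("log threat-weight",):
            continue
        block = path[1] if len(path) > 1 else ""
        name = "/".join(path[1:] + (key,))
        if block == "" and key == "status":
            ok = value in ("enable", "disable")
        elif block == "level":
            ok = key in LEVELS - {"disable"} and in_range(value, 1, 100)
        elif block in LEVEL_KEYS:
            ok = key in LEVEL_KEYS[block] and value in LEVELS
        elif block in CATEGORY_MAX and key == "category":
            ok = in_range(value, 0, CATEGORY_MAX[block])
        elif block == "geolocation" and key == "country":
            ok = 1 <= len(value) <= 2
        elif block in ("web", "geolocation", "application") and key == "level":
            ok = value in LEVELS
        else:
            ok = False
        if not ok:
            findings.append(f"ERROR {name} = '{value}': unknown parameter or bad value")
        elif value == "disable":
            findings.append(f"REVIEW {name}: scoring is disabled")
    return findings

# Constructed sample with deliberate mistakes; not taken from a real device.
SAMPLE = """
config log threat-weight
    config level
        set critical 150
    end
    set failed-connection disable
    config malware
        set fsa-highrisk high
    end
    config web
        edit 1
            set category 300
            set level high
        next
    end
end
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, the linter reports the out-of-range critical score, the misspelled `fsa-highrisk` parameter and the web category above 255 as errors, and lists `failed-connection` for review because it contributes nothing to the score.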
