Threat weight
Threat weight helps aggregate and score threats based on user-defined severity levels. It adds several fields such as threat level (crlevel
), threat score (crscore
), and threat type (craction
) to traffic logs. Threat weight logging is enabled by default and the settings can be customized. Threats can be viewed from the Top Threats FortiView dashboard.
To configure threat weight settings:
- Go to Log & Report > Threat Weight.
- Adjust the settings as needed, such as individual weights per threat type and risk level values.
- Click Apply.
To add the Top Threats monitor to the dashboard:
- In the tree menu, click Dashboard and in the FortiView section, click the + sign. The Add Monitor pane opens.
- In the Security section, enable Show More and click Top Threats.
- Configure the settings as needed.
- Click Add Monitor.
- Go to Dashboard > Top Threats. The Top Threats monitor displays threats based on the scores in the traffic logs.
- Double-click a threat to view the summary.
- Click Sources, Destinations, Countries/Regions, or Sessions to view more information. Double-click an entry to view the log details.