Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config log threat-weight

Configure threat weight settings.

config log threat-weight

Description: Configure threat weight settings.

set status [enable|disable]

config level

Description: Score mapping for threat weight levels.

set low {integer}

set medium {integer}

set high {integer}

set critical {integer}

end

set blocked-connection [disable|low|...]

set failed-connection [disable|low|...]

set url-block-detected [disable|low|...]

set botnet-connection-detected [disable|low|...]

config malware

Description: Anti-virus malware threat weight settings.

set virus-infected [disable|low|...]

set file-blocked [disable|low|...]

set command-blocked [disable|low|...]

set oversized [disable|low|...]

set virus-scan-error [disable|low|...]

set switch-proto [disable|low|...]

set mimefragmented [disable|low|...]

set virus-file-type-executable [disable|low|...]

set virus-outbreak-prevention [disable|low|...]

set content-disarm [disable|low|...]

set malware-list [disable|low|...]

set ems-threat-feed [disable|low|...]

set fsa-malicious [disable|low|...]

set fsa-high-risk [disable|low|...]

set fsa-medium-risk [disable|low|...]

end

config ips

Description: IPS threat weight settings.

set info-severity [disable|low|...]

set low-severity [disable|low|...]

set medium-severity [disable|low|...]

set high-severity [disable|low|...]

set critical-severity [disable|low|...]

end

config web

Description: Web filtering threat weight settings.

edit <id>

set category {integer}

set level [disable|low|...]

next

end

config geolocation

Description: Geolocation-based threat weight settings.

edit <id>

set country {string}

set level [disable|low|...]

next

end

config application

Description: Application-control threat weight settings.

edit <id>

set category {integer}

set level [disable|low|...]

next

end

end

config log threat-weight

Parameter

Description

Type

Size

Default

status

Enable/disable the threat weight feature.

option

-

enable

 

Option

Description

enable

Enable the threat weight feature.

disable

Disable the threat weight feature.

blocked-connection

Threat weight score for blocked connections.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for blocked connections.

low

Use the low level score for blocked connections.

medium

Use the medium level score for blocked connections.

high

Use the high level score for blocked connections.

critical

Use the critical level score for blocked connections.

failed-connection

Threat weight score for failed connections.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for failed connections.

low

Use the low level score for failed connections.

medium

Use the medium level score for failed connections.

high

Use the high level score for failed connections.

critical

Use the critical level score for failed connections.

url-block-detected

Threat weight score for URL blocking.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for URL blocking.

low

Use the low level score for URL blocking.

medium

Use the medium level score for URL blocking.

high

Use the high level score for URL blocking.

critical

Use the critical level score for URL blocking.

botnet-connection-detected

Threat weight score for detected botnet connections.

option

-

critical

 

Option

Description

disable

Disable threat weight scoring for detected botnet connections.

low

Use the low level score for detected botnet connections.

medium

Use the medium level score for detected botnet connections.

high

Use the high level score for detected botnet connections.

critical

Use the critical level score for detected botnet connections.

config level

Parameter

Description

Type

Size

Default

low

Low level score value .

integer

Minimum value: 1 Maximum value: 100

5

medium

Medium level score value .

integer

Minimum value: 1 Maximum value: 100

10

high

High level score value .

integer

Minimum value: 1 Maximum value: 100

30

critical

Critical level score value .

integer

Minimum value: 1 Maximum value: 100

50

config malware

Parameter

Description

Type

Size

Default

virus-infected

Threat weight score for virus (infected) detected.

option

-

critical

 

Option

Description

disable

Disable threat weight scoring for virus (infected) detected.

low

Use the low level score for virus (infected) detected.

medium

Use the medium level score for virus (infected) detected.

high

Use the high level score for virus (infected) detected.

critical

Use the critical level score for virus (infected) detected.

file-blocked

Threat weight score for blocked file detected.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for blocked file detected.

low

Use the low level score for blocked file detected.

medium

Use the medium level score for blocked file detected.

high

Use the high level score for blocked file detected.

critical

Use the critical level score for blocked file detected.

command-blocked

Threat weight score for blocked command detected.

option

-

disable

 

Option

Description

disable

Disable threat weight scoring for blocked command detected.

low

Use the low level score for blocked command detected.

medium

Use the medium level score for blocked command detected.

high

Use the high level score for blocked command detected.

critical

Use the critical level score for blocked command detected.

oversized

Threat weight score for oversized file detected.

option

-

disable

 

Option

Description

disable

Disable threat weight scoring for oversized file detected.

low

Use the low level score for oversized file detected.

medium

Use the medium level score for oversized file detected.

high

Use the high level score for oversized file detected.

critical

Use the critical level score for oversized file detected.

virus-scan-error

Threat weight score for virus (scan error) detected.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for virus (scan error) detected.

low

Use the low level score for virus (scan error) detected.

medium

Use the medium level score for virus (scan error) detected.

high

Use the high level score for virus (scan error) detected.

critical

Use the critical level score for virus (scan error) detected.

switch-proto

Threat weight score for switch proto detected.

option

-

disable

 

Option

Description

disable

Disable threat weight scoring for switch proto detected.

low

Use the low level score for switch proto detected.

medium

Use the medium level score for switch proto detected.

high

Use the high level score for switch proto detected.

critical

Use the critical level score for switch proto detected.

mimefragmented

Threat weight score for mimefragmented detected.

option

-

disable

 

Option

Description

disable

Disable threat weight scoring for mimefragmented detected.

low

Use the low level score for mimefragmented detected.

medium

Use the medium level score for mimefragmented detected.

high

Use the high level score for mimefragmented detected.

critical

Use the critical level score for mimefragmented detected.

virus-file-type-executable

Threat weight score for virus (filetype executable) detected.

option

-

medium

 

Option

Description

disable

Disable threat weight scoring for virus (filetype executable) detected.

low

Use the low level score for virus (filetype executable) detected.

medium

Use the medium level score for virus (filetype executable) detected.

high

Use the high level score for virus (filetype executable) detected.

critical

Use the critical level score for virus (filetype executable) detected.

virus-outbreak-prevention

Threat weight score for virus (outbreak prevention) event.

option

-

critical

 

Option

Description

disable

Disable threat weight scoring for virus (outbreak prevention) event.

low

Use the low level score for virus (outbreak prevention) event.

medium

Use the medium level score for virus (outbreak prevention) event.

high

Use the high level score for virus (outbreak prevention) event.

critical

Use the critical level score for virus (outbreak prevention) event.

content-disarm

Threat weight score for virus (content disarm) detected.

option

-

medium

 

Option

Description

disable

Disable threat weight scoring for virus (content disarm) detected.

low

Use the low level score for virus (content disarm) detected.

medium

Use the medium level score for virus (content disarm) detected.

high

Use the high level score for virus (content disarm) detected.

critical

Use the critical level score for virus (content disarm) detected.

malware-list

Threat weight score for virus (malware list) detected.

option

-

medium

 

Option

Description

disable

Disable threat weight scoring for virus (malware list) detected.

low

Use the low level score for virus (malware list) detected.

medium

Use the medium level score for virus (malware list) detected.

high

Use the high level score for virus (malware list) detected.

critical

Use the critical level score for virus (malware list) detected.

ems-threat-feed

Threat weight score for virus (EMS threat feed) detected.

option

-

medium

 

Option

Description

disable

Disable threat weight scoring for virus (EMS threat feed) detected.

low

Use the low level score for virus (EMS threat feed) detected.

medium

Use the medium level score for virus (EMS threat feed) detected.

high

Use the high level score for virus (EMS threat feed) detected.

critical

Use the critical level score for virus (EMS threat feed) detected.

fsa-malicious

Threat weight score for FortiSandbox malicious malware detected.

option

-

critical

 

Option

Description

disable

Disable threat weight scoring for FortiSandbox malicious malware detected.

low

Use the low level score for FortiSandbox malicious malware detected.

medium

Use the medium level score for FortiSandbox malicious malware detected.

high

Use the high level score for FortiSandbox malicious malware detected.

critical

Use the critical level score for FortiSandbox malicious malware detected.

fsa-high-risk

Threat weight score for FortiSandbox high risk malware detected.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for FortiSandbox high risk malware detected.

low

Use the low level score for FortiSandbox high risk malware detected.

medium

Use the medium level score for FortiSandbox high risk malware detected.

high

Use the high level score for FortiSandbox high risk malware detected.

critical

Use the critical level score for FortiSandbox high risk malware detected.

fsa-medium-risk

Threat weight score for FortiSandbox medium risk malware detected.

option

-

medium

 

Option

Description

disable

Disable threat weight scoring for FortiSandbox medium risk malware detected.

low

Use the low level score for FortiSandbox medium risk malware detected.

medium

Use the medium level score for FortiSandbox medium risk malware detected.

high

Use the high level score for FortiSandbox medium risk malware detected.

critical

Use the critical level score for FortiSandbox medium risk malware detected.

config ips

Parameter

Description

Type

Size

Default

info-severity

Threat weight score for IPS info severity events.

option

-

disable

 

Option

Description

disable

Disable threat weight scoring for IPS info severity events.

low

Use the low level score for IPS info severity events.

medium

Use the medium level score for IPS info severity events.

high

Use the high level score for IPS info severity events.

critical

Use the critical level score for IPS info severity events.

low-severity

Threat weight score for IPS low severity events.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for IPS low severity events.

low

Use the low level score for IPS low severity events.

medium

Use the medium level score for IPS low severity events.

high

Use the high level score for IPS low severity events.

critical

Use the critical level score for IPS low severity events.

medium-severity

Threat weight score for IPS medium severity events.

option

-

medium

 

Option

Description

disable

Disable threat weight scoring for IPS medium severity events.

low

Use the low level score for IPS medium severity events.

medium

Use the medium level score for IPS medium severity events.

high

Use the high level score for IPS medium severity events.

critical

Use the critical level score for IPS medium severity events.

high-severity

Threat weight score for IPS high severity events.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for IPS high severity events.

low

Use the low level score for IPS high severity events.

medium

Use the medium level score for IPS high severity events.

high

Use the high level score for IPS high severity events.

critical

Use the critical level score for IPS high severity events.

critical-severity

Threat weight score for IPS critical severity events.

option

-

critical

 

Option

Description

disable

Disable threat weight scoring for IPS critical severity events.

low

Use the low level score for IPS critical severity events.

medium

Use the medium level score for IPS critical severity events.

high

Use the high level score for IPS critical severity events.

critical

Use the critical level score for IPS critical severity events.

config web

Parameter

Description

Type

Size

Default

category

Threat weight score for web category filtering matches.

integer

Minimum value: 0 Maximum value: 255

0

level

Threat weight score for web category filtering matches.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for web category filtering matches.

low

Use the low level score for web category filtering matches.

medium

Use the medium level score for web category filtering matches.

high

Use the high level score for web category filtering matches.

critical

Use the critical level score for web category filtering matches.

config geolocation

Parameter

Description

Type

Size

Default

country

Country code.

string

Maximum length: 2

level

Threat weight score for Geolocation-based events.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for Geolocation-based events.

low

Use the low level score for Geolocation-based events.

medium

Use the medium level score for Geolocation-based events.

high

Use the high level score for Geolocation-based events.

critical

Use the critical level score for Geolocation-based events.

config application

Parameter

Description

Type

Size

Default

category

Application category.

integer

Minimum value: 0 Maximum value: 65535

0

level

Threat weight score for Application events.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for Application events.

low

Use the low level score for Application events.

medium

Use the medium level score for Application events.

high

Use the high level score for Application events.

critical

Use the critical level score for Application events.

config log threat-weight

Configure threat weight settings.

config log threat-weight

Description: Configure threat weight settings.

set status [enable|disable]

config level

Description: Score mapping for threat weight levels.

set low {integer}

set medium {integer}

set high {integer}

set critical {integer}

end

set blocked-connection [disable|low|...]

set failed-connection [disable|low|...]

set url-block-detected [disable|low|...]

set botnet-connection-detected [disable|low|...]

config malware

Description: Anti-virus malware threat weight settings.

set virus-infected [disable|low|...]

set file-blocked [disable|low|...]

set command-blocked [disable|low|...]

set oversized [disable|low|...]

set virus-scan-error [disable|low|...]

set switch-proto [disable|low|...]

set mimefragmented [disable|low|...]

set virus-file-type-executable [disable|low|...]

set virus-outbreak-prevention [disable|low|...]

set content-disarm [disable|low|...]

set malware-list [disable|low|...]

set ems-threat-feed [disable|low|...]

set fsa-malicious [disable|low|...]

set fsa-high-risk [disable|low|...]

set fsa-medium-risk [disable|low|...]

end

config ips

Description: IPS threat weight settings.

set info-severity [disable|low|...]

set low-severity [disable|low|...]

set medium-severity [disable|low|...]

set high-severity [disable|low|...]

set critical-severity [disable|low|...]

end

config web

Description: Web filtering threat weight settings.

edit <id>

set category {integer}

set level [disable|low|...]

next

end

config geolocation

Description: Geolocation-based threat weight settings.

edit <id>

set country {string}

set level [disable|low|...]

next

end

config application

Description: Application-control threat weight settings.

edit <id>

set category {integer}

set level [disable|low|...]

next

end

end

config log threat-weight

Parameter

Description

Type

Size

Default

status

Enable/disable the threat weight feature.

option

-

enable

 

Option

Description

enable

Enable the threat weight feature.

disable

Disable the threat weight feature.

blocked-connection

Threat weight score for blocked connections.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for blocked connections.

low

Use the low level score for blocked connections.

medium

Use the medium level score for blocked connections.

high

Use the high level score for blocked connections.

critical

Use the critical level score for blocked connections.

failed-connection

Threat weight score for failed connections.

option

-

low

 

Option

Description

disable

Disable threat weight scoring for failed connections.

low

Use the low level score for failed connections.

medium

Use the medium level score for failed connections.

high

Use the high level score for failed connections.

critical

Use the critical level score for failed connections.

url-block-detected

Threat weight score for URL blocking.

option

-

high

 

Option

Description

disable

Disable threat weight scoring for URL blocking.

low

Use the low level score for URL blocking.

medium

Use the medium level score for URL blocking.

high

Use the high level score for URL blocking.

critical

Use the critical level score for URL blocking.