Threat weight

Threat weight helps aggregate and score threats based on user-defined severity levels. It adds several fields such as threat level (crlevel), threat score (crscore), and threat type (craction) to traffic logs. Threat weight logging is enabled by default and the settings can be customized. Threats can be viewed from the Top Threats FortiView dashboard.

To configure threat weight settings:
  1. Go to Log & Report > Threat Weight.
  2. Adjust the settings as needed, such as individual weights per threat type and risk level values.
  3. Click Apply.
To add the Top Threats monitor to the dashboard:
  1. In the tree menu, click Dashboard and in the FortiView section, click the + sign (Add Monitor).
  2. In the Security section, enable Show More and click Top Threats.
  3. Configure the settings as needed.
  4. Click Add Monitor.
  5. Go to Dashboard > Top Threats. The Top Threats monitor displays threats based on the scores in the traffic logs.

  6. Double-click a threat to view the summary.
  7. Click Sources, Destinations, Countries/Regions, or Sessions to view more information. Double-click an entry to view the log details.