Fortinet white logo
Fortinet white logo

Administration Guide

Monitoring currently tracked clients

Monitoring currently tracked clients

To begin tracking a client, FortiWeb generates a unique client ID according to the cookie or source IP . When a client ID is generated, FortiWeb also tracks that client's identification type, risk level, and last access time. It is possible to monitor each client that FortiWeb tracks in the web UI.

To view the monitoring information of currently tracked clients
  1. Click the Add icon as shown below.
  2. On the Add Monitor page, click the Add icon of Blocked Client IDs.
  3. On the Add Monitor - Blocked Client IDs page, enter a name or use the default name Blocked Client IDs.
  4. Click Add Monitor. You will see the Blocked Client IDs shown in the navigation bar.

Currently tracked clients can be sorted and filtered according to the following characteristics:

(Refresh Button)

Click to update the page with any logs that have been recorded since you previously loaded the page.

Delete Click to select a range of client data to permanently delete.

Restore Store

Select a client and click this button to restore the threat score of a client to 0.

Search Type

Select either of the following to search for:

  • Client ID
  • Risk Level: select a risk level from Unidentified, Trusted, Suspicious, and Malicious.
Search

Click this button to search for the item specified in Search Type.

Clear

Click this button to clear the search conditions.

1 Day/3 Days/7 Days

Select the time period to show the threat score statistics of a client.

Client ID The unique ID of the client generated, which is used to track a client.

Identification Type

This specifies whether FortiWeb tracks the client by the cookie or source IP.

Risk Level

This displays the risk level of a client.

Threat Score

The sum of the threat weight of all the security violations launched by the client in last 1/3/7 active days.

For example, a client accesses on May 1, May 3, May 5, and May 6, then the threat score for last 3 days refer to the sum of May 3, May 5, and May 6.

Creation Time

The time when the client monitoring data is created.

Last Access Time The time of the most recent access by the client. This is updated when the client ID is refreshed.

Monitoring currently tracked clients

Monitoring currently tracked clients

To begin tracking a client, FortiWeb generates a unique client ID according to the cookie or source IP . When a client ID is generated, FortiWeb also tracks that client's identification type, risk level, and last access time. It is possible to monitor each client that FortiWeb tracks in the web UI.

To view the monitoring information of currently tracked clients
  1. Click the Add icon as shown below.
  2. On the Add Monitor page, click the Add icon of Blocked Client IDs.
  3. On the Add Monitor - Blocked Client IDs page, enter a name or use the default name Blocked Client IDs.
  4. Click Add Monitor. You will see the Blocked Client IDs shown in the navigation bar.

Currently tracked clients can be sorted and filtered according to the following characteristics:

(Refresh Button)

Click to update the page with any logs that have been recorded since you previously loaded the page.

Delete Click to select a range of client data to permanently delete.

Restore Store

Select a client and click this button to restore the threat score of a client to 0.

Search Type

Select either of the following to search for:

  • Client ID
  • Risk Level: select a risk level from Unidentified, Trusted, Suspicious, and Malicious.
Search

Click this button to search for the item specified in Search Type.

Clear

Click this button to clear the search conditions.

1 Day/3 Days/7 Days

Select the time period to show the threat score statistics of a client.

Client ID The unique ID of the client generated, which is used to track a client.

Identification Type

This specifies whether FortiWeb tracks the client by the cookie or source IP.

Risk Level

This displays the risk level of a client.

Threat Score

The sum of the threat weight of all the security violations launched by the client in last 1/3/7 active days.

For example, a client accesses on May 1, May 3, May 5, and May 6, then the threat score for last 3 days refer to the sum of May 3, May 5, and May 6.

Creation Time

The time when the client monitoring data is created.

Last Access Time The time of the most recent access by the client. This is updated when the client ID is refreshed.