Attack logs on FortiWeb can be forwarded to FortiWeb Cloud, which allows you to leverage the powerful AI-based Threat Analytics service that helps identify significant threats and zoom in on the threats that matter.
Prerequisites for using Threat Analytics for FortiWeb's attack logs:
You have a valid Threat Analytics service license.
Threat Analytics service is enabled in FortiWeb.
Please note that when your license expires or becomes invalid, the log forwarding will stop immediately regardless whether the Threat Analytics service is enabled or not.
To enable Threat Analytics:
- Contact Sales team to purchase a license with the Threat Analytics service, then register the license on Support site: HTTPs://support.fortinet.com
- Log in to FortiWeb.
- Check the status of Threat Analytics in the Licenses widget in Dashboard > Status. It should be displayed as Valid.
- In the System Information Widget in Dashboard > Status, click Enable Threat Analytics, then click OK in the pop-up window.
- Make sure Enable Attack Log is switched on in Log&Report > Log Config > Other Log Settings.
- Go to Dashboard > Status, click Add Widget, then select Threat Analytics in the System section. The Threat Analytics widget will be displayed on the Status page. You can view whether FortiWeb is successfully connected with FortiWeb Cloud and whether the attack logs are being forwarded.
- Wait for FortiWeb to generate attack logs.
- Log in to FortiWeb Cloud with the account you used when registering your license on Fortinet Support site.
For more information on the Threat Analytics, see this article in FortiWeb Cloud Online Help.