FortiView Server Policies
Go to Dashboard > FortiView Server Policies. If it's not available in the Dashboard menu, refer to Monitors for how to add a monitor.
This window shows total threat data and threat data for each server policy:
Viewing threats per server policy
Two ways are available to view key elements about a server policy:
- Double-click the Server Policy name from the Server Policy list.
- Click the Add Filter icon and select the server policy.
The server policy summary page provides an overview of total threats, accumulated threat score, actions, and service used.
Also, you can view information about specific types of threats, the source IP of attacks, the country where the attacks come from, the client devices that launched attacks, HTTP methods used, targeted URLs, and CVE IDs for the specified server policy under the tabs Threats, Sources, Countries, Client Devices, HTTP Methods, URLs, CVE ID, and OWASP Top10 tabs respectively. You can use either the Add Filter icon to filter for these things, or select the relevant tab and double-click the row of the thing you want to know more about.
You can even filter for a combination of these things. The image below shows targeted URL, and source IP of attacks of a server policy.
For any given server policy, you can drill down into specific threat, source IP, country, client device ID, HTTP method, URL, CVE ID, and OWASP Top10 entries to learn more information about them via the Log Details. Below is an example.