Difference between revisions of "KHIKA App for Fortigate Firewall"

From khika
Jump to navigation Jump to search
(Created page with "gfhgdgdgfdgfdfgdfgdfg")
 
Line 1: Line 1:
gfhgdgdgfdgfdfgdfgdfg
+
== How to check the output of KHIKA Fortigate App ? ==
 +
 
 +
=== Fortigate Firewall Attack Dashboard===
 +
 
 +
Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on the attack information like attack name and action on fortigate firewall (which are added into KHIKA). Details like attack wise action,sourceIP and destinationIP wise attack hits etc. You can filter and search information and create new ones too. For help with Dashboards, click [[KHIKA Dashboards|here]]
 +
 
 +
==== Elements in the Dashboard are explained below : ====
 +
 
 +
{| class="wikitable"
 +
|+ style="caption-side:bottom; color:#e76700;"|''Elements in "Fortigate Firewall Attack" Dashboard''
 +
|-
 +
|'''Visualization'''
 +
|'''Description'''
 +
|-
 +
|Attack wise Action bar graph
 +
|X axis : Differnt types of attack(s) on fortigate firewall <br/>
 +
Y axis : Action(s) performed on attack and it's count.
 +
|-
 +
|Contribution of Severity and Action pie chart
 +
|Different types of Severity like critical and Action(s) performed like clear_session on fortiagte firewall.
 +
|-
 +
|SourceIP wise Attack bar graph
 +
|X axis : One or more source IP(s).<br/>
 +
Y axis : Differnt types of attack(s) and it's count.
 +
|-
 +
|DestinationIP wise Attack bar graph
 +
|X axis : One or more Destination IP(s).<br/>
 +
Y axis : Differnt types of attack(s) and it's count.
 +
|-
 +
|Time trend
 +
|Trend of login events over time. Useful to identify unusual spikes at a glance. <br/><br/>X axis : date & time <br/>Y axis : count of events
 +
|-
 +
|Contribution of Service pie chart
 +
|Contibution of differnt types of services like https,ping on fortigate firewall.
 +
|-
 +
|Summary Table
 +
|Detailed data with timestamp and count
 +
 +
|}
 +
 
 +
==== Suggestion for useful interaction with this dashboard could be : ====
 +
 +
Click on “Attack” in the "Attack wise Action" bar graph. This gets selected and shows the different types of attack(s) and action(s) on fortigate firewall .The next bar shall show sourceIP and destinationIP wise attack hits on fortigate firewall. The next pie shall shows differnt types of severity and services of fortigate firewall. Details of attack can be seen in the summary table.How to remove this filter is explained [[Filter information on Dashboards|here]]
 +
 
 +
=== Fortigate Firewall MaliciousIP Dashboard ===
 +
 
 +
Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on the fortigate firewall communication with suspicious IP(s) and its traffic status like action,service ,level etc.
 +
You can filter and search information and create new ones too. For help with Dashboards, click [[KHIKA Dashboards|here]]
 +
 
 +
==== Elements in the Dashboard are explained below : ====
 +
 
 +
{| class="wikitable"
 +
|+ style="caption-side:bottom; color:#e76700;"|''Fortigate Firewall MaliciousIP" Dashboard''
 +
|-
 +
|'''Visualization'''
 +
|'''Description'''
 +
|-
 +
|Contribution of Action pie chart
 +
|Contribution of differnt types of action like accept/deny on fortigate firewall.
 +
|-
 +
|Malicious IP wise Action bar chart
 +
|X axis : One or more Malicious IP(s)<br/>
 +
Y axis : MaliciousIP wise Action and it's count.
 +
|-
 +
|SourceIP wise Hits bar graph
 +
|X axis : One or more SourceIP(s)<br/>
 +
Y axis : SourceIP wise number of hits.
 +
|-
 +
|DestinationIP wise Hits bar graph
 +
|X axis : One or more DestinationIP(s)<br/>
 +
Y axis : DestinationIP wise number of hits.
 +
|-
 +
|Contribution of service pie chart
 +
|Contribution of differnt types of services like snmp of fortigate firewall.
 +
|-
 +
|Contribution of level pie chart
 +
|Contribution of differnt types of levels like notice of fortigate firewall.
 +
|-
 +
|Time trend
 +
|Trend of login events over time. Useful to identify unusual spikes at a glance.<br/><br/>X axis : date & time<br/>Y axis : count of events
 +
|-
 +
|Summary Table
 +
|Detailed data with timestamp and count
 +
 +
|}
 +
 
 +
==== A suggestion for useful interaction with this dashboard could be : ====
 +
 
 +
Click on “MaliciousIP” in the "Malicious IP wise Action" bar graph. This gets selected and shows the maliciousIP(s) wise action(s) on fortigate firewall.The next bar shall show source and destination wise hits on fortigate firewall.The next pie shall shows differnt types of severity,action ,services and levels of fortigate firewall. Details of MaliciousIP can be seen in the summary table.How to remove this filter is explained [[Filter information on Dashboards|here]]
 +
 
 +
 
 +
=== Fortigate Firewall System Activities Dashboard ===
 +
 
 +
Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard summarizes self monitoring system event and also command,action executed by user etc.
 +
 
 +
You can filter and search information and create new ones too. For help with Dashboards, click [[KHIKA Dashboards|here]]
 +
 
 +
==== Elements in the Dashboard are explained below : ====
 +
 
 +
 
 +
{| class="wikitable"
 +
|+ style="caption-side:bottom; color:#e76700;"|''Elements in "Fortigate Firewall System Activities" Dashboard''
 +
|-
 +
|'''Visualization'''
 +
|'''Description'''
 +
|-
 +
|Contribution of Action pie chart
 +
|Contribution of Action performed by particular user on fortigate firewall.
 +
|-
 +
|User wise Action bar graph
 +
|X axis : One or more user(s)<br/>
 +
Y Axis : Action performed by particular user and it's count.
 +
|-
 +
|Contribution of Status pie chart
 +
|Contribution of differnt types of status of fortigate firewall.
 +
|-
 +
|Contribution of level pie chart
 +
|Contribution of differnt types of levels like notice,warning of fortigate firewall.
 +
|-
 +
|LogDesc wise Message bar graph
 +
|X axis : One or more logdesc<br/>
 +
Y axis : Logdesc wise message(s) and it's count.
 +
|-
 +
|Time trend
 +
|Trend of login events over time. Useful to identify unusual spikes at a glance.<br/><br/>X axis : date & time<br/>Y axis : count of events
 +
|-
 +
|Summary Table
 +
|Detailed data with timestamp and count
 +
 +
|}
 +
 
 +
 
 +
==== Some suggestions for useful interaction with this dashboard could be : ====
 +
 
 +
Click on “User” in the "User wise Action" bar graph. This gets selected and shows the user(s) wise action(s) performed  on fortigate firewall.The next bar shall show logdesc wise message on fortigate firewall.The next pie shall shows differnt types of status,action and levels of fortigate firewall. Details of MaliciousIP can be seen in the summary table.How to remove this filter is explained [[Filter information on Dashboards|here]]
 +
 
 +
=== Fortigate Firewall VPN Dashboard===
 +
 
 +
Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard.This dashboard focuses on the fortigate firewall VPN information like VPN name,VPN type etc.
 +
 
 +
You can filter and search information and create new ones too. For help with Dashboards, click [[KHIKA Dashboards|here]]
 +
 
 +
==== Elements in the Dashboard are explained below : ====
 +
 
 +
{| class="wikitable"
 +
|+ style="caption-side:bottom; color:#e76700;"|''Elements in "Fortigate Firewall VPN" Dashboard''
 +
|-
 +
|'''Visualization'''
 +
|'''Description'''
 +
|-
 +
|Contribution of VPN pie chart
 +
|Contribution of differnt VPN of fortigate firewall.
 +
|-
 +
|Contribution of VPN Type pie chart
 +
|Contribution of differnt types VPN type of fortigate firewall.
 +
|-
 +
|SourceIP wise Hits
 +
|X axis : One or more SourceIP(s)<br/>
 +
Y axis : SourceIP wise number of hits.
 +
|-
 +
|DestinationIP wise Hits
 +
|X axis : One or more DestinationIP(s)<br/>
 +
Y axis : DestinationIP wise number of hits.
 +
|-
 +
|Contribution of Service pie chart
 +
|Contribution of differnt types of services like snmp,syslog of fortigate firewall.
 +
|-
 +
|Time trend
 +
|Trend of login events over time. Useful to identify unusual spikes at a glance.<br/><br/>X axis : date & time<br/>Y axis : count of events
 +
|-
 +
|Summary Table
 +
|Detailed data with timestamp and count
 +
 +
|}
 +
 
 +
 
 +
==== Some suggestions for useful interaction with this dashboard could be : ====
 +
 
 +
Click on “VPN” in the "Contribution of VPN" pie chart. This gets selected and shows the VPN information like VPN name.The next bar shall show sourceIP and destinationIP wise hits on fortigate firewall.The next pie shall shows differnt types of VPN types and services of fortigate firewall. Details of VPN information can be seen in the summary table.How to remove this filter is explained [[Filter information on Dashboards|here]]
 +
 
 +
=== Fortigate Firewall VPNTunnel Dashboard ===
 +
 
 +
Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on the VPN Tunnel information  like VPN Tunnel , Status etc.You can filter and search information and create new ones too. For help with Dashboards, click [[KHIKA Dashboards|here]]
 +
 
 +
 
 +
==== Elements in the Dashboard are explained below : ====
 +
 
 +
{| class="wikitable"
 +
|+ style="caption-side:bottom; color:#e76700;"|''Elements in "Fortigate Firewall VPNTunnel" Dashboard''
 +
|-
 +
|'''Visualization'''
 +
|'''Description'''
 +
|-
 +
|Contribution of VPN Tunnel pie chart
 +
|Contribution of differnt VPN Tunnel of fortigate firewall.
 +
|-
 +
|Contribution of Status pie chart
 +
|Contribution of status like sucess/failure.
 +
|-
 +
|Remote IP wise Hits bar graph
 +
|X axis : One or more Remote IP(s)<br/>
 +
Y axis : Remote IP wise number of hits.
 +
|-
 +
|Local IP wise Hits bar graph
 +
|X axis : One or more Local IP(s)<br/>
 +
Y axis : Local IP wise number of hits.
 +
|-
 +
|Time trend
 +
|Trend of login events over time. Useful to identify unusual spikes at a glance.<br/><br/>X axis : date & time<br/>Y axis : count of events
 +
|-
 +
|Summary Table
 +
|Detailed data with timestamp and count
 +
 +
|}
 +
 
 +
==== Some suggestions for useful interaction with this dashboard could be : ====
 +
Click on “VPN Type” in the "Contribution of VPN Tunnel" bar graph. This gets selected and shows the VPN Tunnel information .The next bar shall show RemoteIP and LocalIP wise hits on fortigate firewall.The next pie shall shows different types of status like sucess/failue on  fortigate firewall. Details of VPN information can be seen in the summary table.How to remove this filter is explained [[Filter information on Dashboards|here]]

Revision as of 12:52, 18 June 2019

How to check the output of KHIKA Fortigate App ?

Fortigate Firewall Attack Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on the attack information like attack name and action on fortigate firewall (which are added into KHIKA). Details like attack wise action,sourceIP and destinationIP wise attack hits etc. You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below :

Elements in "Fortigate Firewall Attack" Dashboard
Visualization Description
Attack wise Action bar graph X axis : Differnt types of attack(s) on fortigate firewall

Y axis : Action(s) performed on attack and it's count.

Contribution of Severity and Action pie chart Different types of Severity like critical and Action(s) performed like clear_session on fortiagte firewall.
SourceIP wise Attack bar graph X axis : One or more source IP(s).

Y axis : Differnt types of attack(s) and it's count.

DestinationIP wise Attack bar graph X axis : One or more Destination IP(s).

Y axis : Differnt types of attack(s) and it's count.

Time trend Trend of login events over time. Useful to identify unusual spikes at a glance.

X axis : date & time
Y axis : count of events
Contribution of Service pie chart Contibution of differnt types of services like https,ping on fortigate firewall.
Summary Table Detailed data with timestamp and count

Suggestion for useful interaction with this dashboard could be :

Click on “Attack” in the "Attack wise Action" bar graph. This gets selected and shows the different types of attack(s) and action(s) on fortigate firewall .The next bar shall show sourceIP and destinationIP wise attack hits on fortigate firewall. The next pie shall shows differnt types of severity and services of fortigate firewall. Details of attack can be seen in the summary table.How to remove this filter is explained here

Fortigate Firewall MaliciousIP Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on the fortigate firewall communication with suspicious IP(s) and its traffic status like action,service ,level etc. You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below :

Fortigate Firewall MaliciousIP" Dashboard
Visualization Description
Contribution of Action pie chart Contribution of differnt types of action like accept/deny on fortigate firewall.
Malicious IP wise Action bar chart X axis : One or more Malicious IP(s)

Y axis : MaliciousIP wise Action and it's count.

SourceIP wise Hits bar graph X axis : One or more SourceIP(s)

Y axis : SourceIP wise number of hits.

DestinationIP wise Hits bar graph X axis : One or more DestinationIP(s)

Y axis : DestinationIP wise number of hits.

Contribution of service pie chart Contribution of differnt types of services like snmp of fortigate firewall.
Contribution of level pie chart Contribution of differnt types of levels like notice of fortigate firewall.
Time trend Trend of login events over time. Useful to identify unusual spikes at a glance.

X axis : date & time
Y axis : count of events
Summary Table Detailed data with timestamp and count

A suggestion for useful interaction with this dashboard could be :

Click on “MaliciousIP” in the "Malicious IP wise Action" bar graph. This gets selected and shows the maliciousIP(s) wise action(s) on fortigate firewall.The next bar shall show source and destination wise hits on fortigate firewall.The next pie shall shows differnt types of severity,action ,services and levels of fortigate firewall. Details of MaliciousIP can be seen in the summary table.How to remove this filter is explained here


Fortigate Firewall System Activities Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard summarizes self monitoring system event and also command,action executed by user etc.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below :

Elements in "Fortigate Firewall System Activities" Dashboard
Visualization Description
Contribution of Action pie chart Contribution of Action performed by particular user on fortigate firewall.
User wise Action bar graph X axis : One or more user(s)

Y Axis : Action performed by particular user and it's count.

Contribution of Status pie chart Contribution of differnt types of status of fortigate firewall.
Contribution of level pie chart Contribution of differnt types of levels like notice,warning of fortigate firewall.
LogDesc wise Message bar graph X axis : One or more logdesc

Y axis : Logdesc wise message(s) and it's count.

Time trend Trend of login events over time. Useful to identify unusual spikes at a glance.

X axis : date & time
Y axis : count of events
Summary Table Detailed data with timestamp and count


Some suggestions for useful interaction with this dashboard could be :

Click on “User” in the "User wise Action" bar graph. This gets selected and shows the user(s) wise action(s) performed on fortigate firewall.The next bar shall show logdesc wise message on fortigate firewall.The next pie shall shows differnt types of status,action and levels of fortigate firewall. Details of MaliciousIP can be seen in the summary table.How to remove this filter is explained here

Fortigate Firewall VPN Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard.This dashboard focuses on the fortigate firewall VPN information like VPN name,VPN type etc.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below :

Elements in "Fortigate Firewall VPN" Dashboard
Visualization Description
Contribution of VPN pie chart Contribution of differnt VPN of fortigate firewall.
Contribution of VPN Type pie chart Contribution of differnt types VPN type of fortigate firewall.
SourceIP wise Hits X axis : One or more SourceIP(s)

Y axis : SourceIP wise number of hits.

DestinationIP wise Hits X axis : One or more DestinationIP(s)

Y axis : DestinationIP wise number of hits.

Contribution of Service pie chart Contribution of differnt types of services like snmp,syslog of fortigate firewall.
Time trend Trend of login events over time. Useful to identify unusual spikes at a glance.

X axis : date & time
Y axis : count of events
Summary Table Detailed data with timestamp and count


Some suggestions for useful interaction with this dashboard could be :

Click on “VPN” in the "Contribution of VPN" pie chart. This gets selected and shows the VPN information like VPN name.The next bar shall show sourceIP and destinationIP wise hits on fortigate firewall.The next pie shall shows differnt types of VPN types and services of fortigate firewall. Details of VPN information can be seen in the summary table.How to remove this filter is explained here

Fortigate Firewall VPNTunnel Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on the VPN Tunnel information like VPN Tunnel , Status etc.You can filter and search information and create new ones too. For help with Dashboards, click here


Elements in the Dashboard are explained below :

Elements in "Fortigate Firewall VPNTunnel" Dashboard
Visualization Description
Contribution of VPN Tunnel pie chart Contribution of differnt VPN Tunnel of fortigate firewall.
Contribution of Status pie chart Contribution of status like sucess/failure.
Remote IP wise Hits bar graph X axis : One or more Remote IP(s)

Y axis : Remote IP wise number of hits.

Local IP wise Hits bar graph X axis : One or more Local IP(s)

Y axis : Local IP wise number of hits.

Time trend Trend of login events over time. Useful to identify unusual spikes at a glance.

X axis : date & time
Y axis : count of events
Summary Table Detailed data with timestamp and count

Some suggestions for useful interaction with this dashboard could be :

Click on “VPN Type” in the "Contribution of VPN Tunnel" bar graph. This gets selected and shows the VPN Tunnel information .The next bar shall show RemoteIP and LocalIP wise hits on fortigate firewall.The next pie shall shows different types of status like sucess/failue on fortigate firewall. Details of VPN information can be seen in the summary table.How to remove this filter is explained here