Import Scan Results into Fortinet FortiWeb

FortiWeb Introduction

FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits, and helps maintain compliance with regulations. Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and zero-day threats.

Pre-Requisites

  • Your FortiWeb device must be configured to match the network environment surrounding your web application.
  • You need to have completed a scan in Acunetix and created a WAF export file in FortiWeb format.

Import the Vulnerability Export File into FortiWeb

  • Select Web Vulnerability Scan > Scanner Integration > Scanner Integration from the drop-down menu.
  • Click Scanner File Import.
  • Set Scanner Type to Acunetix.
  • The Upload File field allows you to browse your folders and select the WAF export file.
  • Enable Generate FortiWeb Rule Automatically.
  • Set ADOM Name to the ADOM that the generated rules will apply to.
  • Set the Profile Type depending on whether the generated rules will apply to an Inline or Offline Protection Profile.
  • In the option “Merge the Report to Existing Rule”, specify whether to create a new ruleset for the generated rules or to add the generated rules to an existing ruleset.
    • If creating a new ruleset, give the new ruleset a name.
    • If adding to an existing ruleset, select the ruleset to which the generated rules will be added.
  • Specify what action FortiWeb will take when it detects a client making a request that would trigger a vulnerability that the generated rules protect against.
    • Different actions can be set depending on whether the vulnerability is classified as high-level, medium-level or low-level.
    • The “Alert” action allows the request and generates an e-mail alert and/or a log message.
    • The “Deny” action blocks the request and generates an e-mail alert and/or a log message.
  • Click OK to add the export file.

Congratulations! Your WAF export has now been integrated into your FortiWeb ruleset.


Fortinet Introduction

Fortinet is a cybersecurity company with more than two decades of experience and a comprehensive suite of products for channel partners, service providers, small enterprises, and large corporations.

Fortinet’s products and services provide security for on-premises, software-defined, virtual, cloud, and edge networks in today’s hybrid environment. The cybersecurity firm is well-known for its next-generation firewalls (NGFWs) and web application firewalls (WAFs), which provide visibility and control of network and application traffic as well as threat mitigation.

Pre-Requisites

You can use XML-format reports from FortiWeb Scanner or third-party web vulnerability scanners to automatically generate FortiWeb protection profiles that include rules and policies suited to your environment.

For example, if the scanner report detects an SQL injection vulnerability, FortiWeb can automatically create a custom access rule that matches the appropriate URL, parameter, and signature. It adds the generated rule to either an existing protection profile or a new one.

You can generate rules for all vulnerabilities in the report when you import it. Alternatively, you can manually select which vulnerabilities to create rules for after you import the report. When you automatically create rules, you can select which ADOM to add the generated rules to.
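Before enabling automatic rule generation with a Deny action, it helps to preview which findings would produce blocking rules. The Python below is an added example, not code from the original page, Fortinet or Acunetix: it deduplicates findings by type, URL and parameter and applies a per-severity Alert/Deny choice like the one in the import dialog. The XML element and attribute names, the sample report and the function names `plan_rules` and `deny_urls` are assumptions made for illustration, not the real export schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample report. Element and attribute names are hypothetical,
# not the real Acunetix or FortiWeb export schema.
SAMPLE_REPORT = """<report>
  <finding severity="high" type="SQL Injection" url="/shop/item.php" param="id"/>
  <finding severity="high" type="SQL Injection" url="/shop/item.php" param="id"/>
  <finding severity="medium" type="Cross-site Scripting" url="/search" param="q"/>
  <finding severity="low" type="Directory Listing" url="/static/" param=""/>
  <finding severity="critical" type="Unclassified" url="/legacy" param=""/>
</report>"""

# One action per severity level, as in the import dialog (Alert or Deny).
ACTIONS = {"high": "Deny", "medium": "Alert", "low": "Alert"}


def plan_rules(report_xml, actions=ACTIONS):
    """Return (plan, unmapped).

    plan: unique findings with the action a generated rule would take.
    unmapped: findings whose severity has no configured action.
    """
    plan, unmapped, seen = [], [], set()
    # Parse only reports you produced yourself; use a hardened XML parser
    # for files from untrusted sources.
    for f in ET.fromstring(report_xml).iter("finding"):
        key = (f.get("type"), f.get("url"), f.get("param") or "")
        if key in seen:  # the same issue reported twice needs one rule
            continue
        seen.add(key)
        severity = (f.get("severity") or "").lower()
        if severity in actions:
            plan.append({"type": key[0], "url": key[1], "param": key[2],
                         "severity": severity, "action": actions[severity]})
        else:
            unmapped.append(key)
    return plan, unmapped


def deny_urls(plan):
    """URLs where a generated rule would block requests; review these first."""
    return sorted({p["url"] for p in plan if p["action"] == "Deny"})


if __name__ == "__main__":
    plan, unmapped = plan_rules(SAMPLE_REPORT)
    for p in plan:
        print(f'{p["action"]:5} {p["severity"]:6} {p["type"]} {p["url"]} {p["param"]}')
    print("Deny rules affect:", deny_urls(plan))
    print("No action configured for:", unmapped)
```

Findings that land in the unmapped list are candidates for the manual Mitigate step rather than automatic generation.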


Depending on the contents of the report, FortiWeb generates rules of the following types:

  • Allow Method
  • URL Access Rule 
  • HTTP Protocol Constraints 
  • Signatures 
  • Custom Access Policy 

WhiteHat Sentinel scanner report requirements

To allow FortiWeb to generate rules using a WhiteHat Sentinel scanner report, make sure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

You can upload a WhiteHat Sentinel scanner report either by using a report file you have downloaded manually or by importing the file directly from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

To retrieve the WhiteHat API key and application name

  • Go to the following location and log in:
  • In the top right corner, click My Profile.
  • Click View My API Key, and then enter your password.

Your API key is displayed. For example:

  • To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

Telefónica FAAST scanner file requirements

You can upload a Telefónica FAAST scanner report either by using a report file you have downloaded manually or by importing the file directly from the Telefónica FAAST portal using the RESTful API. The API key provided by Telefónica FAAST is required to import a scanner file from the Telefónica FAAST portal. One Telefónica FAAST scanner account can apply for an API key.


To retrieve a Telefónica FAAST API key

  • Go to the following location and log in:
  • On the session: Authentication page, select POST > API/session for the method, and fill in the username and password fields. Then click Try it out.
  • The API key is returned in the Response Body if the username and password are authorized.

HP WebInspect scanner report requirements

To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.

To import a scanner report

  1. Select Web Vulnerability Scan > Scanner Integration > Scanner Integration from the drop-down menu. A list of imported reports is displayed.
  2. Click Scanner File Import.
  3. Click OK.
  4. FortiWeb uploads the file and adds the report contents to the list of imported reports.
  5. If you did not generate rules for all the vulnerabilities, you can create rules for individual vulnerabilities. Select one or more of them, click Mitigate, and then complete the settings in the dialog box.
  6. Use the link in the Profile Name column to view the protection profile that contains a generated rule or policy. The link in the Rule Name column lets you view the settings for that item.
  7. To remove individual rules but keep the corresponding vulnerability items in the list, select one or more vulnerabilities, and then click Cancel.
  8. You can use the Mitigate option to re-create the rule later if needed.
  9. To delete the imported report or an individual vulnerability, select the item to delete, and then click Delete.

FortiWeb prompts you to confirm that you want to delete any rules that are related to the item. FortiWeb does not delete the protection profile that contains the rules.

GoLogica Technologies Private Limited. All rights reserved 2024.