Hello, I have looked through the pre-configured datasets in FortiAnalyzer but cannot seem to find:
- drilldown showing top users app usage based on bandwidth where appcat = 'x'.
- drilldown showing top users websites visited based on bandwidth where catdesc='x'.
Does anyone have datasets for these?
Thank you kindly.
Please clone app-Top-User-by-Bandwidth, add your own appcat/catdesc filter, then create a drilldown table chart.
For top users by website visited bytes, try:

    select website, user_src, sum(bandwidth) as bandwidth
    from ###(select hostname as website,
                    coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src,
                    sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth
             from $log-traffic
             where $filter
               and hostname is not null
               and logid_to_int(logid) not in (4, 7, 14)
               and catdesc='x'
               and (countweb>0
                    or ((logver is null or logver<52)
                        and (hostname is not null
                             or utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter'))))
             group by hostname, user_src
             having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0
             order by bandwidth desc)### t
    group by website, user_src
    order by bandwidth desc