Holy
Contributor

FortiWeb Sequence when Machine Learning enabled

Hello Guys,

When we enable Machine Learning with anomaly detection in layer 1 and threat detection in layer 2, what is actually the scan sequence when we also have the Protection Profile with standard signatures applied to the Server Policy?

Will the standard patterns be checked in first place and then machine learning? Or will it begin with Machine Learning > Anomaly > Threat Detection > standard patterns from the protection profile?

Another question:

Who is using Machine Learning in a production environment? Is that really a kind of Fire and Forget setup now?

Thank you

joru
Contributor

Hi,

I'm using ML in a production environment with some early adopters of the technology. It seems to me that ML > Signatures, at least for the 7 threat models currently supported; as far as I know there will be some more to come. Even so, the recommendation has been to use the ML and on the Web Protection with the parameters which are not currently worked by the ML, for example DOS, GeoIP, etc., and even disabling the signatures there.

So far, even though the configuration for ML is very simple, it has not been much of a "Fire and Forget" as you say, because there have been some issues. For example, with the allowed methods, it is not learning them correctly, at least so far in version 6.0.2. We have also found other issues, so I'm working on a couple of cases with technical support. Also, as it needs to collect so many samples for each parameter/URL, most of them take too long to get to running state with the boxplots and the intended behavior, but it is very promising; probably in a few patches it will be like that.

Regards

Holy

Hi joru,

Thank you very much for sharing your experience.

But how is the procedure if static signatures and ML are both enabled? What will be scanned first?

And if you say some of the URLs/parameters don't even get to a running status, you have to have the static signatures as backup, right?

Would be nice if you keep us here updated about the cases.

Thank you
