I need to filter attack/traffic logs and reports by specific IP address ranges/subnets in FortiWeb, but currently the Source/Destination filter accepts only specific IP addresses one-by-one. This makes it really difficult to analyze logs or create useful reports with valid data, when there are thousands of "to be ignored" hits from our vulnerability scanners which unfortunately use dynamic ip addresses from a pool of several subnets.
The easiest solution could be if we could use wild card (*) in the Source/Destination search field, a better and more granulate would be to accept CIDR notation or IP range values.
Thanks!
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.