Re: What does 'Count' mean in FortiAnalyzer Threat Log View?
Fortinet customer service came back with:
"'Count' means the number of times the same threat was being detected and the date/time will be the latest one for the last count updated."
I've asked them to further clarify as follows:
"Can you please clarify the meaning a bit deeper?
Say, with a udp_flood Threat, does that mean if the 'count' shows 20,000 & the DoS policy is set to the default threshold of 2000, that we would've received 40,000,000 packets (20,000 count x 2,000 pps)? Or is it that we received a total number of packets equal to 20,000 - which technically violated the threshold 10 times?"