Exporting Scan Results to Fortinet FortiWeb

Pre-Requisites

  • Your FortiWeb system configuration needs to be completed according to the networking environment surrounding your web application
  • You must have completed a scan in Acunetix and created a WAF export file in FortiWeb format.

Import Vulnerability Export data into FortiWeb

  • Go to Web Vulnerability Scan > Scanner Integration > Scanner Integration

  • Click Scanner File Import

  • Set Scanner Type to Acunetix
  • The Upload File section allows you to browse your folders and select the WAF export file
  • Enable Generate FortiWeb Rule Automatically
  • Set ADOM Name to the ADOM that the generated rules will apply to
  • Set the Profile Type depending on whether the generated rules will apply to an Inline or Offline Protection Profile
  • Specify in the option "Merge the Report to Existing Rule" whether to create a new Rule set for the generated rules, or to add the generated rules to an already existing Rule set.
  • If creating a new Rule set, give this new Rule set a name
  • If adding to an already existing Rule set, select the Rule set to which the generated rules will be added
  • You will need to specify what action FortiWeb will take when it detects a user making a request that would trigger a vulnerability which the generated rules are defending against
  • Different actions can be set depending on whether the vulnerability is classified as high-level or medium-level or low-level
  • The "Alert" action allows the request and generates an email alert and/or a log message
  • The "Deny" action blocks the request and generates an email alert and/or a log message
  • Click OK to upload the export file

Congratulations! Your WAF export has now been integrated into your FortiWeb Rule Set.

 

« Back to the Acunetix Support Page