Exporting Scan Results to FortiWeb

Pre-Requisites

  • Your FortiWeb system configuration must be complete and must match the network environment of your web application
  • You must have completed a scan in Acunetix and created a WAF export file in FortiWeb format

Import Vulnerability Export data into FortiWeb

  • Go to Web Vulnerability Scan > Scanner Integration > Scanner Integration
  • Click Scanner File Import
  • Set Scanner Type to Acunetix
  • Ensure Method is set to import a previously downloaded XML file
  • The Upload File section allows you to browse your folders and select the WAF export file
  • Enable Generate FortiWeb Rule Automatically
  • Set ADOM Name to the ADOM that the generated rules will apply to
  • Set the Profile Type depending on whether the generated rules will apply to an Inline or Offline Protection Profile
  • In the Merge the Report to Existing Rule option, specify whether to create a new Protection Profile for the generated rules or to add the generated rules to an existing Protection Profile
  • If creating a new Protection Profile, give this new profile a name
  • If adding to an existing Protection Profile, select the Protection Profile to which the generated rules will be added
  • Specify the action FortiWeb will take when it detects a user making a request that would trigger a vulnerability that the generated rules defend against
  • Different actions can be set depending on whether the vulnerability is classified as high-level, medium-level, or low-level
  • The "Alert" action allows the request and generates an email alert and/or a log message
  • The "Deny" action blocks the request and generates an email alert and/or a log message
  • Click OK to upload the export file

 
