Exporting Scan Results to Fortinet FortiWeb
- Your FortiWeb system configuration needs to be completed according to the networking environment surrounding your web application
- You must have completed a scan in Acunetix and created a WAF export file in FortiWeb format.
Import Vulnerability Export data into FortiWeb
- Go to Web Vulnerability Scan > Scanner Integration > Scanner Integration
- Click Scanner File Import
- Set Scanner Type to Acunetix
- The Upload File section allows you to browse your folders and select the WAF export file
- Enable Generate FortiWeb Rule Automatically
- Set ADOM Name to the ADOM that the generated rules will apply to
- Set the Profile Type depending on whether the generated rules will apply to an Inline or Offline Protection Profile
- Specify in the option "Merge the Report to Existing Rule" whether to create a new Rule set for the generated rules, or to add the generated rules to an already existing Rule set.
- If creating a new Rule set, give this new Rule set a name
- If adding to an already existing Rule set, select the Rule set to which the generated rules will be added
- You will need to specify what action FortiWeb will take when it detects a user making a request that would trigger a vulnerability which the generated rules are defending against
- Different actions can be set depending on whether the vulnerability is classified as high-level or medium-level or low-level
- The "Alert" action allows the request and generates an email alert and/or a log message
- The "Deny" action blocks the request and generates an email alert and/or a log message
- Click OK to upload the export file
Congratulations! Your WAF export has now been integrated into your FortiWeb Rule Set.