FORTIS Logic

Last updated: April 30, 2026

Overview

This page provides an explanation of how Risk Scores are calculated for various cybersecurity-related reports in Power BI. These scores are designed to help prioritize security events based on severity, action type, and IP classifications.

Risk Score Range

| Score | Level | Meaning |
|---|---|---|
| 5 | Critical | Detected malware or direct threat activity. |
| 4 | High | Strong indicators of potentially malicious behavior. |
| 3 | Medium | Suspicious behavior needing further investigation. |
| 2 | Low | Benign but logged for visibility. |
| 1 | Informational | General activity. |

Report - Key Conditions

Anti-Malware Report

| Firewall Action | Event Type | Source/Destination IP | Risk Score |
|---|---|---|---|
| detected / monitored / passthrough / forward | NOT in excluded list* | - | 5 |
| blocked / dropped / drop | - | Both are private | 4 |
| blocked / dropped / drop | - | - | 2 |
| All Other | - | - | 1 |
| No logs | - | - | 1 |

Excluded Event Types*

  • FortiGate-antivirus-file-oversize
  • FortiGate-antivirus-scan-archive-oversize-notif
  • FortiGate-antivirus-scan-archive-corrupted-notif
  • FortiGate-antivirus-file-submitted
  • FortiGate-antivirus-scan-archive-multipart-notif
  • FortiGate-antivirus-file-monitored

IDS / IPS Report

| Firewall Action | Severity | Source/Destination IP | Risk Score |
|---|---|---|---|
| Allowed / Detected / Alert / <blank> | "Critical" / "High" / "1" | - | 5 |
| Blocked / Block / Dropped / Drop | Not "Low" / not "Informational" / not "3" | Both are private | 4 |
| Allowed / Detected / Alert / <blank> | "Medium" / "2" | - | 3 |
| Others | - | - | 1 |
| Any | No Logs | N/A | 5 |

Web Filter Report

| Firewall Action | WF Security Risk | Count | Risk Score |
|---|---|---|---|
| Passthrough / Allowed / forward | Yes | > 10,000 | 5 |
| Passthrough / Allowed / forward | Yes | <= 10,000 | 4 |
| Blocked / drop | Yes | - | 3 |
| Blocked / drop | No | - | 2 |
| Passthrough / Allowed / forward | No | - | 1 |
| No Logs | - | - | 5 |

Application Control Report

| Firewall Action | AppCtrl Security Risk | Count | Risk Score |
|---|---|---|---|
| Pass / allow / forward / NA / <blank> | Yes | > 10,000 | 5 |
| Pass / allow / forward / NA / <blank> | Yes | <= 10,000 | 4 |
| Block / drop | Yes | Any | 3 |
| Block / drop | No | Any | 2 |
| Pass / allow / forward / NA / <blank> | No | Any | 1 |
| No Logs | N/A | Any | 5 |

Firewall Config Changes Report

| Source IP | Risk Score |
|---|---|
| Public IP | 3 |
| Private IP | 1 |
| No Logs | 1 |

Credentials Compromise Report

| Condition | Risk Score |
|---|---|
| Account compromises found with password hits | 4 |
| Account compromises found without password hits | 2 |
| No compromises found | 1 |
EDR Report

PLEASE NOTE: The highest risk score (ceiling) will be taken from any of the following conditions:

CrowdStrike

| Event Severity | Process Blocked | Risk Score |
|---|---|---|
| 9, 10 | Not "True" | 5 |
| 9, 10 | "True" | 4 |
| 6, 7, 8 | Not "True" | 4 |
| 6, 7, 8 | "True" | 3 |
| 3, 4, 5 | Not "True" | 3 |
| 3, 4, 5 | "True" | 2 |
| All other | - | 1 |
| No Logs | - | 1 |

Microsoft Defender

| Severity | Event Type Group | Event Type | Risk Score |
|---|---|---|---|
| Any | Any | confirmedCompromised | 5 |
| 9, 10 | Not "Info" / Not "Suspicious Logon" | Not "confirmedCompromised" | 5 |
| 6, 7, 8 | Not "Info" / Not "Suspicious Logon" | Not "confirmedCompromised" | 4 |
| 4, 5 | Not "Info" / Not "Suspicious Logon" | Not "confirmedCompromised" | 3 |
| 2, 3 | Not "Info" / Not "Suspicious Logon" | Not "confirmedCompromised" | 2 |
| All other | - | - | 1 |
| No Logs | - | - | 1 |

FortiEDR

| Firewall Action | Event Classifier | Risk Score |
|---|---|---|
| Not "blocked" | Malicious | 5 |
| "blocked" | Malicious | 4 |
| Not "blocked" | Suspicious, PUP | 3 |
| "blocked" | Suspicious, PUP | 2 |
| All other | - | 1 |
| No Logs | - | 1 |

SentinelOne

| Event Type | Risk Score |
|---|---|
| New_Threat_Not_Mitigated / Threat_Mitigation_Report_Quarantine_Failed / Threat_Mitigation_Report_Kill_Failed / Threat_Mitigation_Report_Remediate_Failed | 5 |
| New_Threat_Suspicious | 3 |
| Threat_Mitigation_Report_Kill_Success / Threat_Mitigation_Report_Quarantine_Success / Threat_Mitigation_Report_Remediate_Success / New_Threat_Preemptive_Block / New_Threat_Mitigated | 2 |
| No Logs | 1 |

McAfee ePO

PLEASE NOTE: This logic is not currently available because the Threat Level field is not yet available in Power BI reports. It is expected to be made available in Q3/Q4 2026.

| Threat Level | Firewall Action | Risk Score |
|---|---|---|
| Critical | Allow / No action | 5 |
| Critical | Would Block | 4 |
| Critical | Blocked | 3 |
| Alert | Continue Scanning / Replaced | 3 |
| Notice | ATP would clean / ATP would block / ATP would contain | 2 |
| Notice | Clean / None | 1 |
| Warning | Deny access / Not Applicable / None | 1 |
| Information | None / Blocked | 1 |
| No logs | - | 1 |
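The following is an added worked example, not FORTIS or Power BI code, showing the EDR ceiling rule stated above: each vendor's logs are scored against its own table, and the report takes the highest score any vendor produces. Field names (severity, process_blocked, event_type_group, event_type, action, classifier) and the sample rows are assumptions; McAfee ePO is left out because the page marks that logic as not yet available.

```python
"""Added example (not FORTIS or Power BI code): per-vendor EDR scoring from
the CrowdStrike, Microsoft Defender, FortiEDR and SentinelOne tables, plus
the ceiling rule across vendors. Field names are assumptions."""


def crowdstrike_score(row: dict) -> int:
    sev = int(row.get("severity", 0))
    blocked = str(row.get("process_blocked", "")) == "True"
    if sev in (9, 10):
        return 4 if blocked else 5
    if sev in (6, 7, 8):
        return 3 if blocked else 4
    if sev in (3, 4, 5):
        return 2 if blocked else 3
    return 1  # All other


def defender_score(row: dict) -> int:
    if row.get("event_type") == "confirmedCompromised":
        return 5  # any severity, any event type group
    if row.get("event_type_group") in ("Info", "Suspicious Logon"):
        return 1  # excluded groups fall through to "All other"
    sev = int(row.get("severity", 0))
    for band, score in (((9, 10), 5), ((6, 7, 8), 4), ((4, 5), 3), ((2, 3), 2)):
        if sev in band:
            return score
    return 1


def fortiedr_score(row: dict) -> int:
    blocked = str(row.get("action", "")).lower() == "blocked"
    classifier = row.get("classifier", "")
    if classifier == "Malicious":
        return 4 if blocked else 5
    if classifier in ("Suspicious", "PUP"):
        return 2 if blocked else 3
    return 1  # All other


# SentinelOne event types, verbatim from the table
S1_SCORES = {
    5: {"New_Threat_Not_Mitigated", "Threat_Mitigation_Report_Quarantine_Failed",
        "Threat_Mitigation_Report_Kill_Failed", "Threat_Mitigation_Report_Remediate_Failed"},
    3: {"New_Threat_Suspicious"},
    2: {"Threat_Mitigation_Report_Kill_Success", "Threat_Mitigation_Report_Quarantine_Success",
        "Threat_Mitigation_Report_Remediate_Success", "New_Threat_Preemptive_Block",
        "New_Threat_Mitigated"},
}


def sentinelone_score(row: dict) -> int:
    event_type = row.get("event_type", "")
    for score, types in S1_SCORES.items():
        if event_type in types:
            return score
    return 1


VENDOR_SCORERS = {
    "crowdstrike": crowdstrike_score,
    "defender": defender_score,
    "fortiedr": fortiedr_score,
    "sentinelone": sentinelone_score,
}


def vendor_score(rows, scorer) -> int:
    # "No Logs" scores 1 for all four vendors, so an empty list yields 1
    return max((scorer(r) for r in rows), default=1)


def edr_breakdown(logs_by_vendor: dict) -> dict:
    """Per-vendor scores, useful for showing which vendor set the ceiling."""
    return {v: vendor_score(logs_by_vendor.get(v, []), s)
            for v, s in VENDOR_SCORERS.items()}


def edr_risk_score(logs_by_vendor: dict) -> int:
    """Ceiling rule: the EDR report takes the highest score from any vendor."""
    return max(edr_breakdown(logs_by_vendor).values())
```

Because the ceiling is a plain maximum, a single CrowdStrike severity 10 event whose process was not blocked raises the whole EDR report to 5 regardless of what the other vendors report; `edr_breakdown` keeps the per-vendor values so that source is visible.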
FW Bandwidth Report
FW Bandwidth scoring is not available yet
We are still working on the logic to calculate scores for this category. It will be available shortly.

Security Risk References

WebFilter Security Risk

The following references are considered security risks and affect the risk score for the mentioned reports.

44 references
  • AI-
  • Adware
  • Artificial Intelligence
  • artificial-intelligence
  • Command and Control
  • Crypto
  • Dynamic DNS
  • Hacking
  • Malicious
  • Malware
  • Phishing
  • Newly Observed Domain
  • Newly Registered Domain
  • P2P File sharing
  • Parked Domains
  • Peer-to-peer
  • Personal VPN
  • Potentially Unwanted Program
  • Proxy Avoidance
  • Proxy/Anonymizer
  • Remote Access
  • newly-registered-domain
  • online-storage-and-backup
  • proxy-avoidance-and-anonymizers
  • Hacking/Proxy Avoidance Systems
  • Malicious Domains
  • Botnets
  • Spyware
  • Viruses
  • Intrusion Sites
  • Suspicious Newly Registered Domains
  • Unknown
  • Uncategorized
  • Proxies
  • VPN
  • Anonymizing Services
  • Cryptojacking
  • Cryptocurrency Mining
  • Spam URLs
  • Drive-by Download Sites
  • Exploit Sites
  • Compromised Websites

AppCtrl Security Risk

The following references are considered security risks and affect the risk score for the mentioned reports.

10 references
  • Al-APPS
  • BACKUP-APPS
  • Email
  • EMAIL-APPS
  • Proxy
  • PROXY-ACCESS
  • Remote.Access
  • REMOTE-ACCESS
  • Storage.Backup
  • VPN
