FORTIS Logic

Overview

This page explains how Risk Scores are calculated for various cybersecurity-related reports in Power BI. These scores are designed to help prioritize security events based on severity, action type, and IP classifications.

Risk Score Range

5 Critical

Detected malware or direct threat activity.

4 High

Strong indicators of potentially malicious behavior.

3 Medium

Suspicious behavior needing further investigation.

2 Low

Benign but logged for visibility.

1 Informational

General activity.

Report - Key Conditions

Anti-Malware Report

| Condition | Risk Score |
|---|---|
| [Firewall Action] is "detected" AND [Event Type] is NOT in the excluded list* | 5 |
| [Firewall Action] is "monitored" AND [Event Type] is NOT in the excluded list* | 5 |
| [Firewall Action] is "passthrough" AND [Event Type] is NOT in the excluded list* | 5 |
| [Firewall Action] is "blocked" AND both Source & Destination IPs are private | 4 |
| [Firewall Action] is "dropped" AND both Source & Destination IPs are private | 4 |
| [Firewall Action] is "blocked" (all other cases) | 2 |
| [Firewall Action] is "dropped" (all other cases) | 2 |
| Anything else | 1 |
| No Logs | 1 |

Excluded Event Types*

  • FortiGate-antivirus-file-oversize
  • FortiGate-antivirus-scan-archive-oversize-notif
  • FortiGate-antivirus-scan-archive-corrupted-notif
  • FortiGate-antivirus-file-submitted
  • FortiGate-antivirus-scan-archive-multipart-notif
  • FortiGate-antivirus-file-monitored
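
The Anti-Malware rules above, written out as an added Python example (not FORTIS's own code). It assumes the table rows are evaluated top to bottom, that action matching is case-insensitive, and that "private" means the RFC 1918 ranges; the event tuple layout and the `example-av-event` type are constructed for illustration.

```python
import ipaddress

# Excluded event types, copied from the list on this page.
EXCLUDED = {
    "FortiGate-antivirus-file-oversize",
    "FortiGate-antivirus-scan-archive-oversize-notif",
    "FortiGate-antivirus-scan-archive-corrupted-notif",
    "FortiGate-antivirus-file-submitted",
    "FortiGate-antivirus-scan-archive-multipart-notif",
    "FortiGate-antivirus-file-monitored",
}
# Assumption: "private" means the RFC 1918 IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NO_LOGS_SCORE = 1  # "No Logs" row of the Anti-Malware table


def is_private(ip):
    """True if ip parses and is in an RFC 1918 range; unparsable input is not private."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def anti_malware_score(action, event_type, src_ip, dst_ip):
    """Score one event, checking the table rows from top to bottom."""
    action = (action or "").strip().lower()  # assumption: case-insensitive match
    if action in {"detected", "monitored", "passthrough"}:
        # An excluded event type matches no score-5 row and lands on "Anything else".
        return 1 if event_type in EXCLUDED else 5
    if action in {"blocked", "dropped"}:
        return 4 if is_private(src_ip) and is_private(dst_ip) else 2
    return 1  # "Anything else"


def score_events(events):
    """Per-event scores; an empty log yields the single "No Logs" score."""
    if not events:
        return [NO_LOGS_SCORE]
    return [anti_malware_score(*e) for e in events]


# Constructed sample events: (action, event type, source IP, destination IP).
SAMPLE = [
    ("detected", "example-av-event", "10.1.2.3", "203.0.113.7"),
    ("Blocked", "example-av-event", "10.1.2.3", "192.168.5.9"),
    ("dropped", "example-av-event", "10.1.2.3", "203.0.113.7"),
    ("passthrough", "FortiGate-antivirus-file-oversize", "10.1.2.3", "10.9.9.9"),
    ("accept", "example-av-event", "not-an-ip", "10.9.9.9"),
]
```

Running `score_events(SAMPLE)` shows how an excluded event type drops a "passthrough" event from 5 to 1, and how a blocked event is only raised to 4 when both endpoints are internal.
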
IDS / IPS Report

| Firewall Action | Severity | Source/Destination IP | Risk Score |
|---|---|---|---|
| Allowed | "Critical" / "High" / "1" | | 5 |
| Blocked | Not "Low" / not "Informational" / not "3" | Both are private | 4 |
| Allowed | "Medium" / "2" | | 3 |
| Others | | | 1 |
| Any | No Logs | N/A | 5 |

Web Filter Report

| Firewall Action | WF Security Risk | Count | Risk Score |
|---|---|---|---|
| Passthrough | Yes | > 10,000 | 5 |
| Allowed | Yes | > 10,000 | 5 |
| Passthrough | Yes | ≤ 10,000 | 4 |
| Allowed | Yes | ≤ 10,000 | 4 |
| Blocked | Yes | Any | 3 |
| Blocked | No | Any | 2 |
| Passthrough | No | Any | 1 |
| Allowed | No | Any | 1 |
| No Logs | N/A | Any | 5 |

Application Control Report

| Firewall Action | AppCtrl Security Risk | Count | Risk Score |
|---|---|---|---|
| Pass | Yes | > 10,000 | 5 |
| Pass | Yes | ≤ 10,000 | 4 |
| Block | Yes | Any | 3 |
| Block | No | Any | 2 |
| Pass | No | Any | 1 |
| No Logs | N/A | Any | 5 |

Firewall Config Changes Report

| Source IP | Risk Score |
|---|---|
| Public IP | 3 |
| Private IP | 1 |
| No Logs | 1 |

Credentials Compromise Report

Currently N/A - we are still working on the logic to calculate scores for this category, and it will be available shortly.

EDR Report

Currently N/A - we are still working on the logic to calculate scores for this category, and it will be available shortly.

FW Bandwidth Report

Currently N/A - we are still working on the logic to calculate scores for this category, and it will be available shortly.

Security Risk References

WebFilter Security Risk

The following categories are considered security risks and affect the risk score for the reports mentioned above.

  • AI-data-and-workflow-optimizer
  • AI-website-generator
  • Artificial Intelligence Technology
  • Command and Control
  • Crypto Mining
  • Cryptomining
  • Dynamic DNS
  • Hacking
  • Illegal Downloads
  • Illegal or Unethical
  • Malicious Websites
  • Malware
  • Malware, Phishing
  • Newly Observed Domain
  • Newly Registered Domain
  • P2P / File sharing
  • Parked Domains
  • Peer-to-peer File Sharing
  • Personal VPN
  • Phishing
  • Potentially Unwanted Program
  • Proxy Avoidance
  • Remote Access
  • Artificial Intelligence
  • Proxy/Anonymizer, Allow List, Encrypted DNS
  • Academic Fraud, Cheating and Plagiarism
  • Adware, Software/Technology, Computers and Internet

AppCtrl Security Risk

The following categories are considered security risks and affect the risk score for the reports mentioned above.

  • Email
  • P2P
  • Remote.Access
  • Storage.Backup
  • Proxy
