FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 190283
Description
Uses for the Threat Score and Threat Override Functions

Scope
Version:  Network Sentry 8
Solution


In the Network Sentry Administrative UI Hosts > Application view, there are two columns that refer to the level of trust of an application: Threat Score and Threat Override.

Note: Threat Score and Threat Override fields are only available with the Secure Enterprise Premier license. To verify the license type installed in Network Sentry, navigate to System > Settings > System Management > License Management.

Threat Score: 
A numeric value assigned to the application by the Threat Analysis Engine added under System > Settings > System Communication > Threat Analysis Engines. The value will be an integer between 1 and 10. Refer to vendor documentation for more information regarding threat score values and how they are determined.
The Threat Score is only populated if a Threat Analysis Engine has been added.

Threat Analysis Engines are used when applications are submitted via an agent to Network Sentry. Applications are submitted to the Threat Analysis Engine for verification and Network Sentry will receive an Application Threat Score from the service. Currently, only FireEye MTP is available to be added as a Threat Analysis Engine.


Set Threat Override: Overrides the existing Threat Score listed for that application. This function can be used in situations where:
  • There is no Threat Score for the application.
  • It is desired to mark an application as either "trusted" or "untrusted" regardless of the existing Threat Score.

The Threat Score or Threat Override can be used for the following:
  • Provisioning the host with a different level of network access (such as internet only or no network access at all) using a Network Access Policy.  See solution Provision Network Access Based on Application Threat Score.  
  • Notifying the Helpdesk, administrators or users (when used as part of a Security Rule).  See Online Help topic Add/Modify A Security Rule for details.
