Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Asset and Identity Center

Endpoints and end users are important assets in a network as they are the main entry points in a cybersecurity breach. The Fabric View > Asset & Identity pane is the central location for security analysts to view endpoint and user information to make sure they are compliant.

Asset & Identity is useful for the following:

  • User and endpoint mapping. Some users might use multiple endpoints in the network, endpoints might use multiple different interfaces to connect, network interfaces might have multiple IP addresses, and so on. A map of users and their endpoints gives you better visibility when you analyze logs, events, and incidents. This also helps with your reporting.
  • Incident response. Use Asset & Identity to check assets that are infected or vulnerable as part of your SOC analysis and incident response process.
  • Compliance. The Asset & Identity view gives visibility to unknown and non-compliant users and endpoints.

This pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.

Column

Description

User

Username, and the user's avatar and social IDs, if available.

Endpoint

Endpoint host name, IP address, or MAC address.

Hardware / OS

OS name and version.

Vulnerabilities

The number of vulnerabilities for critical, high, medium, and low vulnerabilities.

IP Address / FortiGate / Interface

IP address, FortiGate, and FortiGate interface the endpoint is connected to.

A user might be connected to multiple endpoints.

Use the toolbar to select a Security Fabric, time period, columns, and user display preferences.

If there is no FortiClient in your installation, then endpoint and end user information is limited.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.

To provided a unified experience, admins can customize how the asset and identity information will be displayed, including which fields are displayed, order, and priority.

To configure the asset and identity display settings:
  1. Go to Fabric ViewAsset and IdentityUser Display Preferences.
  2. Select the order preference tab you want to configure.
    Tabs include Name, Picture, Email, Phone Number, and Social.
  3. Rearrange the order preference as per your needs by drag-and-dropping an entry. For names, pictures, emails, and phone numbers, only the top entry will appear in the asset and identity pop-up window.
  4. User information can be disabled by moving the Show toggle to the Off position in the respective tabs.

Asset and Identity Center

Endpoints and end users are important assets in a network as they are the main entry points in a cybersecurity breach. The Fabric View > Asset & Identity pane is the central location for security analysts to view endpoint and user information to make sure they are compliant.

Asset & Identity is useful for the following:

  • User and endpoint mapping. Some users might use multiple endpoints in the network, endpoints might use multiple different interfaces to connect, network interfaces might have multiple IP addresses, and so on. A map of users and their endpoints gives you better visibility when you analyze logs, events, and incidents. This also helps with your reporting.
  • Incident response. Use Asset & Identity to check assets that are infected or vulnerable as part of your SOC analysis and incident response process.
  • Compliance. The Asset & Identity view gives visibility to unknown and non-compliant users and endpoints.

This pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.

Column

Description

User

Username, and the user's avatar and social IDs, if available.

Endpoint

Endpoint host name, IP address, or MAC address.

Hardware / OS

OS name and version.

Vulnerabilities

The number of vulnerabilities for critical, high, medium, and low vulnerabilities.

IP Address / FortiGate / Interface

IP address, FortiGate, and FortiGate interface the endpoint is connected to.

A user might be connected to multiple endpoints.

Use the toolbar to select a Security Fabric, time period, columns, and user display preferences.

If there is no FortiClient in your installation, then endpoint and end user information is limited.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.

To provided a unified experience, admins can customize how the asset and identity information will be displayed, including which fields are displayed, order, and priority.

To configure the asset and identity display settings:
  1. Go to Fabric ViewAsset and IdentityUser Display Preferences.
  2. Select the order preference tab you want to configure.
    Tabs include Name, Picture, Email, Phone Number, and Social.
  3. Rearrange the order preference as per your needs by drag-and-dropping an entry. For names, pictures, emails, and phone numbers, only the top entry will appear in the asset and identity pop-up window.
  4. User information can be disabled by moving the Show toggle to the Off position in the respective tabs.