Fortinet black logo

New Features

Home FortiAnalyzer 6.4.0 New Features

Incidents with multiple endpoints and users 6.4.2

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID 437aa0e1-63d2-11ea-9384-00505692583a:537572
Download PDF

Incidents with multiple endpoints and users 6.4.2

This is an enhancement to the FortiSOC module supporting multiple endpoints and users for incidents.

To view incidents with multiple endpoints/users:
  1. In the Event Monitor, you can raise or add events with multiple endpoints and users to an incident.
    Note

    When endpoint/users are manually raised/added to an incident, only the first endpoint will be displayed when the incident is raised and there is an approximate five second delay to show multiple endpoint/user information on the incident analysis page. When a playbook runs a task using the local connector to create an incident, there is an approximate 20 second delay to display all information.

  2. On the incident analysis page, information about multiple endpoint/users is available in the Affected Assets tab.
    You can also click the navigation arrows in the Affected Endpoint/User widget to show additional users and endpoints.

    Click a user in the Affected Assets list to see additional endpoint information in a dialog window.

Previous
Next

Incidents with multiple endpoints and users 6.4.2

This is an enhancement to the FortiSOC module supporting multiple endpoints and users for incidents.

To view incidents with multiple endpoints/users:
  1. In the Event Monitor, you can raise or add events with multiple endpoints and users to an incident.
    Note

    When endpoint/users are manually raised/added to an incident, only the first endpoint will be displayed when the incident is raised and there is an approximate five second delay to show multiple endpoint/user information on the incident analysis page. When a playbook runs a task using the local connector to create an incident, there is an approximate 20 second delay to display all information.

  2. On the incident analysis page, information about multiple endpoint/users is available in the Affected Assets tab.
    You can also click the navigation arrows in the Affected Endpoint/User widget to show additional users and endpoints.

    Click a user in the Affected Assets list to see additional endpoint information in a dialog window.

Previous
Next