Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAnalyzer 7.2.8 Administration Guide
    7.2.8
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    All Events

    All Events

    To view all the events, go to FortiSoC/Incidents & Events > Event Monitor > All Events.

    Double-click an event line to drill down for more details.

    Hover your mouse over an entry to view the asset and identity information for that event.

    You can perform the following actions from the toolbar:

    Save as New Custom View

    Save the current view including filter settings, device selection, and time period.

    Devices

    Select devices from the dropdown to filter the table view.

    Time Period

    Select a time period to filter the table view. Select Custom to specify a time period not in the dropdown list.

    Show Acknowledged

    Click to include acknowledged events in the table view. See Acknowledging events.

    Collapse All/Expand All

    Click to expand or collapse the event details displayed in the table view.

    Refresh

    Click to manually refresh the table view.

    Alternatively, from the dropdown, you can specify an automatic refresh interval for the table view.

    Export to CSV

    Click to download the current table view of events in a CSV file.

    Filters

    Enter filters for the table view. See Filtering events.

    Column Settings

    Select which columns are displayed for the table view.

    By right-clicking an event in the table view, you can perform the following actions from the shortcut menu:

    Acknowledge

    Acknowledge the event. See Acknowledging events.

    Comment

    Enter a comment for the event. The comment is displayed in the Comment column, which can be added to the table view from Column Settings.

    Assign To

    Select an admin to assign the event to. The assigned admin is displayed in the Assigned To column, which can be added to the table view from Column Settings.

    View Logs

    Open a table view of sampled logs associated with the event.

    For example, if there are 20 associated logs that triggered the event under the same conditions, only one sample log display in the View Logs pane. To view all logs associated with the event, use Search in Log View.

    Search in Log View

    Open Log View in a separate tab, filtered to display all logs associated with the event.

    Create New Incident

    Create a new incident from the event. See Raising an incident.

    Add to Existing Incident

    Attach the event to an existing incident. In the Attach to Incident dialog, enter an incident number or select an incident from the table and click OK.

    Filter by <criteria> =

    Filter for events that are equal to the criteria that you right-clicked in the table view. See Filtering events.

    Filter by <criteria> !=

    Filter for events that are not equal to the criteria that you right-clicked in the table view. See Filtering events.
    Previous
    Next

    All Events

    All Events

    To view all the events, go to FortiSoC/Incidents & Events > Event Monitor > All Events.

    Double-click an event line to drill down for more details.

    Hover your mouse over an entry to view the asset and identity information for that event.

    You can perform the following actions from the toolbar:

    Save as New Custom View

    Save the current view including filter settings, device selection, and time period.

    Devices

    Select devices from the dropdown to filter the table view.

    Time Period

    Select a time period to filter the table view. Select Custom to specify a time period not in the dropdown list.

    Show Acknowledged

    Click to include acknowledged events in the table view. See Acknowledging events.

    Collapse All/Expand All

    Click to expand or collapse the event details displayed in the table view.

    Refresh

    Click to manually refresh the table view.

    Alternatively, from the dropdown, you can specify an automatic refresh interval for the table view.

    Export to CSV

    Click to download the current table view of events in a CSV file.

    Filters

    Enter filters for the table view. See Filtering events.

    Column Settings

    Select which columns are displayed for the table view.

    By right-clicking an event in the table view, you can perform the following actions from the shortcut menu:

    Acknowledge

    Acknowledge the event. See Acknowledging events.

    Comment

    Enter a comment for the event. The comment is displayed in the Comment column, which can be added to the table view from Column Settings.

    Assign To

    Select an admin to assign the event to. The assigned admin is displayed in the Assigned To column, which can be added to the table view from Column Settings.

    View Logs

    Open a table view of sampled logs associated with the event.

    For example, if there are 20 associated logs that triggered the event under the same conditions, only one sample log display in the View Logs pane. To view all logs associated with the event, use Search in Log View.

    Search in Log View

    Open Log View in a separate tab, filtered to display all logs associated with the event.

    Create New Incident

    Create a new incident from the event. See Raising an incident.

    Add to Existing Incident

    Attach the event to an existing incident. In the Attach to Incident dialog, enter an incident number or select an incident from the table and click OK.

    Filter by <criteria> =

    Filter for events that are equal to the criteria that you right-clicked in the table view. See Filtering events.

    Filter by <criteria> !=

    Filter for events that are not equal to the criteria that you right-clicked in the table view. See Filtering events.
    Previous
    Next