Fortinet white logo
Fortinet white logo

Administration Guide

Asset List

Asset List

To open the Asset List, go to Fabric View > Asset Identity Center > Asset Identity List > Asset List and select Asset in the top-right corner of the pane.

This table view lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.

The following default columns are available in the table:

Column

Description

Endpoint Name

Endpoint host name.

Tags

Tags are used to group and identify assets to assist SOC analysts with incident management and prioritization.

Tags can be defined by FortiClient EMS or when creating subnets and subnet groups in FortiAnalyzer.

FortiClient EMS tags are determined based on the Classification Tag assigned in FortiClient EMS. Tags are displayed in the Asset Center when a playbook retrieves information about that endpoint using the Get Endpoints task available with a FortiClient EMS connector. See Configuring connectors for automation.

Subnet tags are configurable when creating new subnets and subnet groups in FortiAnalyzer. See Subnets.

User

The name of the user. Click the name to view the corresponding user information in the Identity Center pane.

MAC Address

Endpoint MAC address.

IP Address

IP address the endpoint is connected to. A user might be connected to multiple endpoints.

FortiClient UUID

Unique ID of the FortiClient.

Hardware / OS

OS name and version.

Software

Click Details to view information about software installed on an endpoint when available.

Endpoint software information is retrieved when a playbook runs the Get Software Inventory action using the FortiClient EMS connector. See Automation.

Vulnerabilities

The number of vulnerabilities for critical, high, medium, and low vulnerabilities. Click the vulnerability to view the name and category. Right-click the vulnerability to view available on-demand actions using a security fabric connector.

Endpoint vulnerability information is retrieved when a playbook runs the Get Vulnerabilities action using the FortiClient EMS connector. See Automation.

Last Update

The date and time the log was updated.

If there is no FortiClient in your installation, then endpoint and end user information is limited.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.
To filter the entries using filters in the toolbar:
  • Specify filters in the Add Filter box.

    • Regular Search: In the selected summary view, click the plus icon and select a filter from the dropdown list, then type a value. Click NOT to negate the filter value. You can add multiple filters and connect them with “and” or “or”.

    • Advanced Search: Click the Switch to Advanced Search icon at the end of the Add Filter box. In Advanced Search mode, enter the search criteria (log field names and values). Click the Switch to Regular Search icon to go back to regular search.

To create a custom view in the toolbar:
  1. In the toolbar, click the column settings icon, and select the columns you want to display.
  2. Click Custom View > Save As Custom View. The Save as New Custom View dialog is displayed.
  3. In the Name field, enter a name for the custom view, and click OK. The view is saved under Fabric View > Asset Identity Center > Custom View.
To change the visibility of a custom view:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. In Fabric View > Asset Identity Center > Custom View, select the menu icon next to your custom view, and select Share with Others.

    You can also Rename, Save As (clone), or Delete the custom view.

  3. Set the Privacy field to On: Public or Off: Private, and click OK.
To download the entries as a CSV file:
  1. Click Download.

Asset List

Asset List

To open the Asset List, go to Fabric View > Asset Identity Center > Asset Identity List > Asset List and select Asset in the top-right corner of the pane.

This table view lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.

The following default columns are available in the table:

Column

Description

Endpoint Name

Endpoint host name.

Tags

Tags are used to group and identify assets to assist SOC analysts with incident management and prioritization.

Tags can be defined by FortiClient EMS or when creating subnets and subnet groups in FortiAnalyzer.

FortiClient EMS tags are determined based on the Classification Tag assigned in FortiClient EMS. Tags are displayed in the Asset Center when a playbook retrieves information about that endpoint using the Get Endpoints task available with a FortiClient EMS connector. See Configuring connectors for automation.

Subnet tags are configurable when creating new subnets and subnet groups in FortiAnalyzer. See Subnets.

User

The name of the user. Click the name to view the corresponding user information in the Identity Center pane.

MAC Address

Endpoint MAC address.

IP Address

IP address the endpoint is connected to. A user might be connected to multiple endpoints.

FortiClient UUID

Unique ID of the FortiClient.

Hardware / OS

OS name and version.

Software

Click Details to view information about software installed on an endpoint when available.

Endpoint software information is retrieved when a playbook runs the Get Software Inventory action using the FortiClient EMS connector. See Automation.

Vulnerabilities

The number of vulnerabilities for critical, high, medium, and low vulnerabilities. Click the vulnerability to view the name and category. Right-click the vulnerability to view available on-demand actions using a security fabric connector.

Endpoint vulnerability information is retrieved when a playbook runs the Get Vulnerabilities action using the FortiClient EMS connector. See Automation.

Last Update

The date and time the log was updated.

If there is no FortiClient in your installation, then endpoint and end user information is limited.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.
To filter the entries using filters in the toolbar:
  • Specify filters in the Add Filter box.

    • Regular Search: In the selected summary view, click the plus icon and select a filter from the dropdown list, then type a value. Click NOT to negate the filter value. You can add multiple filters and connect them with “and” or “or”.

    • Advanced Search: Click the Switch to Advanced Search icon at the end of the Add Filter box. In Advanced Search mode, enter the search criteria (log field names and values). Click the Switch to Regular Search icon to go back to regular search.

To create a custom view in the toolbar:
  1. In the toolbar, click the column settings icon, and select the columns you want to display.
  2. Click Custom View > Save As Custom View. The Save as New Custom View dialog is displayed.
  3. In the Name field, enter a name for the custom view, and click OK. The view is saved under Fabric View > Asset Identity Center > Custom View.
To change the visibility of a custom view:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. In Fabric View > Asset Identity Center > Custom View, select the menu icon next to your custom view, and select Share with Others.

    You can also Rename, Save As (clone), or Delete the custom view.

  3. Set the Privacy field to On: Public or Off: Private, and click OK.
To download the entries as a CSV file:
  1. Click Download.