Alerts
The Alerts page displays the number of Total Alerts and lists the alerts by Last Modified date. To filter the list, click the filter icon in the column heading or enter a term in the Search an alert field. To view more pages in the list, use the paging arrows (|< < > >|) at the bottom of the page.
You can create a custom view of the alerts list by clicking the menu icon at the top right of the page and selecting the columns you want to display. Click the refresh icon to refresh the data. To export the current view as a CSV file, click the download icon.
The Alerts page displays the following information:
Column | Description
---|---
ID | The alert ID.
Name | The alert's description.
Severity | The alert severity, such as Medium or Critical.
Created On | The date the alert was created.
Last Modified | The date the alert was last modified, for example when the Fortinet SOC team adds new correlations.
Type | The type of alert, such as Malware or Intrusion. For a complete list of alert types, click the filter icon in the column heading.
Status | The status of the alert. You can change the status of an alert in the alert details page. It is recommended that you update the Status field for your alerts as they are confirmed, in progress, and closed. See Alert status and closure.
SLA | SOCaaS SLA tracker.
Closure Notes | A description of the alert closure. This field is configurable in the alert details page when setting the Status as Closed. It is recommended that you update the Closure Notes field when setting the status of an alert as closed. See Alert status and closure.
Affected Endpoint | The host name or IP address of the affected endpoint(s). "+ more" indicates that there are additional affected endpoints. Refer to the Correlation section in the alert details page for more information on affected endpoints.
Analysis and Recommendation | Alert analysis and recommendation from the Fortinet SOC team.
Escalation Time | The date and time the Fortinet SOC team escalated the alert.
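As an added example (not Fortinet's code), the Python script below reads a CSV export of the alerts list and checks the record hygiene the table recommends: closed alerts that still have empty Closure Notes, open alerts grouped by Severity, and alerts whose Affected Endpoint shows "+ more". It assumes the export's header row uses the column names above; the rows and the SLA values are constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample of an Alerts page CSV export. The header names are assumed
# to match the column names on the Alerts page; the rows and SLA values are made up.
SAMPLE_EXPORT = """\
ID,Name,Severity,Created On,Last Modified,Type,Status,SLA,Closure Notes,Affected Endpoint,Analysis and Recommendation,Escalation Time
1001,Suspicious outbound connection,High,2024-01-05,2024-01-06,Intrusion,Confirmed,Met,,host-a + more,Isolate the host and review proxy logs,2024-01-05 10:12
1002,Malware detected,Critical,2024-01-05,2024-01-07,Malware,Closed,Met,False positive: signed internal tool,host-b,Verify the file hash with the vendor,2024-01-05 11:40
1003,Brute force login attempts,Medium,2024-01-06,2024-01-06,Intrusion,Closed,Met,,host-c,Enforce the account lockout policy,2024-01-06 08:05
1004,Beaconing activity,High,2024-01-07,2024-01-07,Malware,In Progress,Breached,,host-d + more,Block the destination domain at the firewall,2024-01-07 09:30
"""


def parse_export(text):
    """Parse the exported CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def closed_without_notes(rows):
    """IDs of alerts set to Closed whose Closure Notes field is still empty."""
    return [r["ID"] for r in rows
            if r["Status"].strip().lower() == "closed" and not r["Closure Notes"].strip()]


def open_by_severity(rows):
    """Count alerts that are not Closed, grouped by Severity."""
    return Counter(r["Severity"] for r in rows if r["Status"].strip().lower() != "closed")


def multi_endpoint_alerts(rows):
    """IDs of alerts whose Affected Endpoint ends in '+ more', i.e. the details page lists further endpoints."""
    return [r["ID"] for r in rows if r["Affected Endpoint"].strip().endswith("+ more")]


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    print("Closed without Closure Notes:", closed_without_notes(rows))
    print("Open alerts by severity:", dict(open_by_severity(rows)))
    print("Alerts with additional endpoints:", multi_endpoint_alerts(rows))
```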