Alerts

The Alerts page displays the number of Total Alerts and lists the alerts by Last Modified date. To filter the list, click the filter icon in the column heading or enter a term in the Search an alert field. To view more pages in the list, click the arrow keys (|< < > >|) at the bottom of the page.

You can create a custom view of the alerts list by clicking the menu icon at the top right of the page and selecting the columns you want to display. Click the refresh icon to refresh the data. To export the current view as a CSV file, click the download icon.

The Alerts page displays the following information:

| Column | Description |
| --- | --- |
| ID | The alert ID. |
| Name | The alert's description. |
| Severity | The alert severity such as Medium or Critical. |
| Created On | The date the alert was created. |
| Last Modified | The date the alert was last modified, for example when new correlations are added by the Fortinet SOC team. Note: Sort by the Last Modified field to view your alerts by the latest updates. |
| Type | The type of alert such as Malware or Intrusion. For a complete list of alert types, click the filter icon in the column heading. |
| Status | The status of the alert. You can change the status of an alert in the alert details page. It is recommended that you update the Status field for your alerts as they are confirmed, in progress, and closed. See Alert status and closure. |
| SLA | SOCaaS SLA tracker. |
| Closure Notes | A description of the alert closure. This field is configurable in the alert details page when setting the Status as Closed. It is recommended that you update the Closure Notes field when setting the status of an alert as closed. See Alert status and closure. |
| Affected Endpoint | The host name or IP address of the affected endpoint(s). + more indicates that there are additional affected endpoints. Refer to the Correlation section in the alert details page for more information on affected endpoints. |
| Analysis and Recommendation | Alert analysis and recommendation from Fortinet SOC team. |
| Escalation Time | The date and time the Fortinet SOC team escalated the alert. |
