Fortinet black logo

User Guide

Home SOCaaS User Guide

Dashboard

Dashboard

The Dashboard provides an overview of monitored assets, log collection, threat detection, and alert escalation.

To view alerts over time, click the Alerts: Last 7 Days dropdown at the top left of the page and select a time range between the last 7 to 90 days. Click the Refresh button at the top right of the page to refresh the data.

The following information is available on the dashboard:

Chart name

Description
SOC Monitoring Summary

The SOC Monitoring Summary contains information about the following:

  • The number of monitored devices, endpoints, and users. Endpoint and user information is obtained through security logs collected by FortiAnalyzer.
    • Monitored Devices: The number of devices onboarding for SOCaaS monitoring.
    • Monitored Endpoints: The number of endpoints detected from FortiGate logs.
    • Monitored Users: The number of users detected from FortiGate logs.
  • The number of logs collected and processed, security events detected, alerts generated and triaged, and incidents confirmed and escalated by the Fortinet SOC team.
    • Processed Logs: Number of logs collected and processed from customer's FortiGate(s).
    • Security Event: Security events filtered and triaged by FortiAnalyzer event handlers, based on the detections in FortiGate logs.
    • Triaged Alerts: Alerts in which a preliminary assessment was completed by the SOC team to determine if the Alerts should be escalated to the customer. These can be false positive or other events that do not require escalation.
    • Escalated Alerts: Alerts that are found to be high or critical risk or severity (malicious or high suspicious) and are escalated to the customer for review and action in the Alerts view.
Alerts by Severity, Status and SLA These donut charts display information about alerts based on their severity, status, and SLA. Click See details to view more information about the categories present in the charts. These charts are updated in near real-time.
Open Alerts by Category Displays information about open alerts based on their category. These charts are updated in near real-time.
Average Log Rate Shows the average log rate received from FortiAnalyzer. This chart is updated daily.
Log Collection Breakdown Shows the log collection breakdown based on FortiGate event type: System Events, Traffic, and UTM. This chart is updated daily.

Threat Detection Trend

Shows the threat detection trend for Security Events, Triaged Alerts, and Escalated Alerts over a period of time. This chart is updated daily.

Location Map

The location map is displayed when the location has been specified for at least one managed Fabric device. See My Assets for more information.

List of Open Alerts

Displays a list of open alerts which may require your attention. See List of Open Alerts.

List of Open Alerts

The List of Open Alerts displays your alerts by the Last Modified date. Click an alert in the list to view the alert details. You can filter the list by clicking the filter icon () in the column heading. To view more pages, click the arrow keys( |< < > >|) at the bottom of the page. In the Affected Endpoint column, + more indicates that there are additional affected endpoints. Refer to the Correlation section in the alert details page for more information on affected endpoints.

Previous
Next

Dashboard

The Dashboard provides an overview of monitored assets, log collection, threat detection, and alert escalation.

To view alerts over time, click the Alerts: Last 7 Days dropdown at the top left of the page and select a time range between the last 7 to 90 days. Click the Refresh button at the top right of the page to refresh the data.

The following information is available on the dashboard:

Chart name

Description
SOC Monitoring Summary

The SOC Monitoring Summary contains information about the following:

  • The number of monitored devices, endpoints, and users. Endpoint and user information is obtained through security logs collected by FortiAnalyzer.
    • Monitored Devices: The number of devices onboarding for SOCaaS monitoring.
    • Monitored Endpoints: The number of endpoints detected from FortiGate logs.
    • Monitored Users: The number of users detected from FortiGate logs.
  • The number of logs collected and processed, security events detected, alerts generated and triaged, and incidents confirmed and escalated by the Fortinet SOC team.
    • Processed Logs: Number of logs collected and processed from customer's FortiGate(s).
    • Security Event: Security events filtered and triaged by FortiAnalyzer event handlers, based on the detections in FortiGate logs.
    • Triaged Alerts: Alerts in which a preliminary assessment was completed by the SOC team to determine if the Alerts should be escalated to the customer. These can be false positive or other events that do not require escalation.
    • Escalated Alerts: Alerts that are found to be high or critical risk or severity (malicious or high suspicious) and are escalated to the customer for review and action in the Alerts view.
Alerts by Severity, Status and SLA These donut charts display information about alerts based on their severity, status, and SLA. Click See details to view more information about the categories present in the charts. These charts are updated in near real-time.
Open Alerts by Category Displays information about open alerts based on their category. These charts are updated in near real-time.
Average Log Rate Shows the average log rate received from FortiAnalyzer. This chart is updated daily.
Log Collection Breakdown Shows the log collection breakdown based on FortiGate event type: System Events, Traffic, and UTM. This chart is updated daily.

Threat Detection Trend

Shows the threat detection trend for Security Events, Triaged Alerts, and Escalated Alerts over a period of time. This chart is updated daily.

Location Map

The location map is displayed when the location has been specified for at least one managed Fabric device. See My Assets for more information.

List of Open Alerts

Displays a list of open alerts which may require your attention. See List of Open Alerts.

List of Open Alerts

The List of Open Alerts displays your alerts by the Last Modified date. Click an alert in the list to view the alert details. You can filter the list by clicking the filter icon () in the column heading. To view more pages, click the arrow keys( |< < > >|) at the bottom of the page. In the Affected Endpoint column, + more indicates that there are additional affected endpoints. Refer to the Correlation section in the alert details page for more information on affected endpoints.

Previous
Next