Alert
FortiCWP lets you manage policy-triggered alerts. You determine each alert's status, such as leaving it open or dismissing it, which reduces the number of alerts shown on the Alert page.
Prerequisite
To generate alerts, first enable and configure the security policies required by your organization. For more details on configuring policies, refer to Policy Configuration.
Accessing Alert
Follow these steps to view alerts.
- From the FortiCWP navigation pane on the left, click Alert.
- Filter alerts by account type, alert state, severity level, activity, etc.
- Click any alert to show the alert summary, policy name, object, severity level, created date and last updated date.
- Click Policy Name to show the related policy.
- Click Object to show detailed information on the cloud resource.
Types of Alert State
Alert state is the second filter in the top row. Click the drop-down menu to choose one of the alert states.
Alert States and Descriptions:
- Open: New violation found for the given resource and policy pair.
- Resolved: The policy violation no longer applies because the policy or the resource changed. The "Resolved" state can only be changed by FortiCWP automatically.
- Dismissed: Users can manually dismiss the alert, but the violation may still exist. The "Dismissed" state can only be changed by users.
- Acknowledged: For DLP, compliance and threat protection policies, users can only change the alert state to "Acknowledged".
Alert States Transition Table
Alert states can be changed either manually by users or automatically by FortiCWP, depending on the initial alert state and the policy. The tables below list, for each policy type, the current alert states and the next states available from each.
Risk assessment
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Resolved | Policy updated | automatic | Policy was updated so that the violation no longer applies, e.g. the resource was added to the policy allow list. |
| Open | Resolved | Policy disabled | automatic | Policy was disabled, which terminated scanning; previously triggered alerts disappear. |
| Open | Resolved | Resource updated | automatic | Resource configuration was updated to fix the violation. |
| Open | Resolved | Resource deleted | automatic | Resource was deleted. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |
| Resolved | Open | Policy updated | automatic | Policy was updated, e.g. the resource was removed from the policy allow list. |
| Resolved | Open | Policy enabled | automatic | Policy was enabled again. Scanning resumed and previously triggered alerts appear again. |
Network
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |
Integration
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |
Threat Protection
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given policy. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |
Data Analysis
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |
Compliance
| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |
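
The transition tables above, encoded as an added example (not Fortinet code) that replays a history of alert state changes and flags any change the tables do not allow for that policy type. The event tuple layout, the function names and the sample history are assumptions constructed for illustration; this page does not show a FortiCWP export format.

```python
# Transition tables from the page: (current, next) -> {action: policy control}
TRIGGER = {(None, "Open"): {"Alert triggered": "automatic"}}
USER = {"User action": "manual"}
DISMISSABLE = {**TRIGGER, ("Open", "Dismissed"): USER, ("Dismissed", "Open"): USER}
ACK_ONLY = {**TRIGGER, ("Open", "Acknowledged"): USER}
AUTO_RESOLVE = dict.fromkeys(
    ["Policy updated", "Policy disabled", "Resource updated", "Resource deleted"],
    "automatic")
AUTO_REOPEN = dict.fromkeys(["Policy updated", "Policy enabled"], "automatic")
TRANSITIONS = {
    "Risk assessment": {**DISMISSABLE, ("Open", "Resolved"): AUTO_RESOLVE,
                        ("Resolved", "Open"): AUTO_REOPEN},
    "Network": DISMISSABLE, "Integration": DISMISSABLE,
    "Threat Protection": ACK_ONLY, "Data Analysis": ACK_ONLY, "Compliance": ACK_ONLY,
}

def replay(events):
    """Replay state-change events in order; return (final_states, violations).

    Each event is (alert_id, policy_type, next_state, action, control). This
    layout is an assumption for the example. An event that the tables do not
    allow is recorded as a violation and leaves the tracked state unchanged.
    """
    states, violations = {}, []
    for alert_id, policy_type, nxt, action, control in events:
        cur = states.get(alert_id)  # None means the alert has not been seen yet
        allowed = TRANSITIONS.get(policy_type, {}).get((cur, nxt), {})
        if allowed.get(action) != control:
            violations.append((alert_id, cur, nxt, action, control))
            continue
        states[alert_id] = nxt
    return states, violations

def unresolved(states):
    """Alerts not in Resolved; per the page, a Dismissed violation may still exist."""
    return sorted(a for a, s in states.items() if s != "Resolved")

# Constructed sample history (not real FortiCWP data).
SAMPLE = [
    ("a1", "Risk assessment", "Open", "Alert triggered", "automatic"),
    ("a1", "Risk assessment", "Resolved", "Resource updated", "automatic"),
    ("a2", "Risk assessment", "Open", "Alert triggered", "automatic"),
    ("a2", "Risk assessment", "Dismissed", "User action", "manual"),
    ("a3", "Threat Protection", "Open", "Alert triggered", "automatic"),
    ("a3", "Threat Protection", "Dismissed", "User action", "manual"),  # not allowed
    ("a1", "Risk assessment", "Dismissed", "User action", "manual"),    # not allowed
    ("a2", "Risk assessment", "Resolved", "User action", "manual"),     # not allowed
]

if __name__ == "__main__":
    final, bad = replay(SAMPLE)
    print(final, bad, unresolved(final), sep="\n")
```

Counting Dismissed alerts as unresolved keeps them visible in risk reporting even though they no longer appear as open alerts.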