Fortinet black logo

Handbook

Columns displayed

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:487906
Download PDF

Columns displayed

The following columns appear in the initial window of the dashboards. Some columns may only be visible by selecting them from the column drop-down menu. Options vary depending on the dashboard selected.

Column name

Description

Action

Displays the type of response taken to a security event. The types of possible actions are as follows:
  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Note: This column is only available in the All Sessions console.

Application

Displays the application name and service. When Time Display is set to now, you can access further information about an application by selecting the column entry.

Application Category

Displays the type of application used in the selected session, e.g. video player, social media.

Note: This column is only available in the All Sessions console.

Application ID

Displays the identification number associated with the application used in the selected session.

Note:This column is only available in the All Sessions console.

Application Risk

Risk

Displays the application risk level. You can hover the mouse cursor over the entry in the column for additional information, and select the column header to sort entries by level of risk.Risk uses a 5-point risk rating. The rating system is as follows:

  • Critical: Applications that are used to conceal activity to evade detection.
  • High: Applications that can cause data leakage, are prone to vulnerabilities, or may download malware.
  • Medium: Applications that can be misused.
  • Elevated: Applications that are used for personal communications or can lower productivity.
  • Low: Business-related applications or other harmless applications.

Bandwidth

Displays information for bandwidth calculated on a per-session level, providing administrators the ability to sort realtime bandwidth usage in descending order.

Browsing Time

Displays the amount of time a user has spent browsing a web site (in seconds).

Note: This column is only available in the Web Sites console, in Categories view..

Bytes (Sent/Received)

Displays the size of sent and received data packets, as measured in bytes. Select the column header to sort the entries by size.

Note: This information is available on some consoles as two separate columns: Sent and Received.

Category

Displays the category descriptor appropriate to whatever console is being displayed. For example, threat categories are displayed in the Threats console.

Cloud User

Displays the users accessing cloud applications by IP address.

Note: This column is only available in the Cloud Applications console, in Users view.

Configuration Changes

Displays the number of configuration changes made by the user. You can hover the mouse cursor over an entry for additional information.

Note: This column is only available in the Admin Logins console.

Connections

Displays the number of VPN connections made by the selected user.

Note: This column is only available in the VPN console.

Country

Displays the country from which the selected traffic is originating.

Note: This column is only available in the Countries console.

Destination

Displays the destination name, IP address and geographic region.

Destination Country

Displays the country session data is being sent to.

Note: This column is only available in the All Sessions console.

Destination Interface

Displays which interface session data is being sent through, e.g. wan1.

Destination Port

Displays the port number of the destination server being used to accept data.Note: This column is only available in the All Sessions console.

Device

Displays the device IP address or Fully Qualified Domain Name (FQDN).

Domain

Displays the domain associated with the selected web site, e.g. google.com.

Note: This column is only available in the Web Sites console.

DST Nat IP

NAT Destination

Displays the Network Address Translation (NAT) IP address associated with the destination server.Note: This column is only available in the All Sessions console.

DST Nat Port

NAT Destination Port

Displays the Network Address Translation (NAT) port number associated with the destination server.

Note: This column is only available in the All Sessions console.

Duration

Displays the amount of time (in seconds) a user has been logged in.

Note: This column is only available in the Admin Logins console.

Event Name (Description)

Displays the name and description of the selected security event.

Note: This column is only available in the System Events console.

Events

Displays the number of security events that occurred within a selected session.

Note: This column is only available in the System Events console.

Expires

Displays the amount of time a session has (in seconds) before it is set to expire.

Note: This column is only available in the All Sessions console, in now Time Display view.

Failed Logins

Displays the number of failed login attempts made by an administrator over the specified time period.

Note: This column is only available in the Admin Logins console.

Files (Up/Down)

Displays the number of files uploaded and downloaded. Hover the mouse cursor over the entry in the column for additional information.

Note: This column is only available in the Cloud Applications console.

FortiASIC

Displays the type of FortiASIC hardware acceleration used in the specified session, if present.

Note: This column is only available in the All Sessions console, in the now Time Display view.

Group

Displays the group ID associated with the selected session.

Note: This column is only available in the All Sessions console.

Last Connection Time

Displays the most recent instance of connection to the selected Virtual Private Network (VPN).

Note: This column is only available in the VPN console.

Level

Threat Level

Displays the threat level. Select the column header to sort entries by threat level.

Log ID

Displays the identification number for the data log associated with this entry.

Note: This column is only available in the All Sessions console.

Login IDs

Displays the number of login IDs associated with the selected cloud application.

Note: This column is only available in the Cloud Applications console, in Applications view.

Login Type

Displays the type of login (eg. WEP) associated with the displayed authentication attempt.

Note: This column is only available in the Failed Authentications console.

Logins

Displays the number of successful logins made by an administrator over the specified time period.

Note: This column is only available in the Admin Logins console.

Pending

Note: This column is only available in the FortiSandbox column, in Source view.

Policy ID

Displays the identification number of the policy under which the selected connection was allowed.

Security Action

Displays the action taken in response to the selected security event. The types of possible actions are as follows:

  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Sessions

Displays the number of sessions associated with the selected destination.

Note: This column only appears in the Destinations console, in the now Time Display view.

Sessions (Blocked/Allowed)

Displays the number of sessions blocked and allowed by FortiOs. In some consoles, entries can be sorted by number of sessions by selecting the column header.

Severity

Displays the severity level (Critical, High, Medium or Low) associated with the selected security event.

Source

Displays the source IP address and/or user ID, if applicable.

Source Interface

Displays which interface is being used by the destination server (eg. wan1).

Source Port

Displays the port number being used by the source server to send data.

Source SSID

Displays the Service Set Identifier (SSID) associated with the selected user.

Note: This column is only available in the Wifi Clients console.

Src NAT IP

NAT Source

Displays the Network Address Translation (NAT) IP address associated with the source server.

Src NAT Port

NAT Source Port

Displays the Network Address Translation (NAT) port number associated with the source server.

Status

The types of possible status' are Malicious, High, Medium, Low, Clean, Unknown, and Pending.

Note: This console is only available in the FortiSandbox console, in Files view.

Submitted

Displays the number of files submitted to the FortiSandbox for assessment in the selected session.

Note: This column is only available in the FortiSandbox console, in Files view.

Threat

Displays the threat type detected in the selected session.

Threat Score (Blocked/Allowed)

Displays the threat score value, a measurement of the total number of threats detected over the course of the session. You can select the column header to sort entries by threat score.

Threat Weight

Displays the threat weight profile associated with the selected session.

Timestamp

Displays the selected session's PHP timestamp.

User

User Name

Displays the user name associated with the selected administrator.

Videos Played

Displays the number of videos played via cloud applications.

Note: This column is only available in the Cloud Applications console.

Columns displayed

The following columns appear in the initial window of the dashboards. Some columns may only be visible by selecting them from the column drop-down menu. Options vary depending on the dashboard selected.

Column name

Description

Action

Displays the type of response taken to a security event. The types of possible actions are as follows:
  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Note: This column is only available in the All Sessions console.

Application

Displays the application name and service. When Time Display is set to now, you can access further information about an application by selecting the column entry.

Application Category

Displays the type of application used in the selected session, e.g. video player, social media.

Note: This column is only available in the All Sessions console.

Application ID

Displays the identification number associated with the application used in the selected session.

Note:This column is only available in the All Sessions console.

Application Risk

Risk

Displays the application risk level. You can hover the mouse cursor over the entry in the column for additional information, and select the column header to sort entries by level of risk.Risk uses a 5-point risk rating. The rating system is as follows:

  • Critical: Applications that are used to conceal activity to evade detection.
  • High: Applications that can cause data leakage, are prone to vulnerabilities, or may download malware.
  • Medium: Applications that can be misused.
  • Elevated: Applications that are used for personal communications or can lower productivity.
  • Low: Business-related applications or other harmless applications.

Bandwidth

Displays information for bandwidth calculated on a per-session level, providing administrators the ability to sort realtime bandwidth usage in descending order.

Browsing Time

Displays the amount of time a user has spent browsing a web site (in seconds).

Note: This column is only available in the Web Sites console, in Categories view..

Bytes (Sent/Received)

Displays the size of sent and received data packets, as measured in bytes. Select the column header to sort the entries by size.

Note: This information is available on some consoles as two separate columns: Sent and Received.

Category

Displays the category descriptor appropriate to whatever console is being displayed. For example, threat categories are displayed in the Threats console.

Cloud User

Displays the users accessing cloud applications by IP address.

Note: This column is only available in the Cloud Applications console, in Users view.

Configuration Changes

Displays the number of configuration changes made by the user. You can hover the mouse cursor over an entry for additional information.

Note: This column is only available in the Admin Logins console.

Connections

Displays the number of VPN connections made by the selected user.

Note: This column is only available in the VPN console.

Country

Displays the country from which the selected traffic is originating.

Note: This column is only available in the Countries console.

Destination

Displays the destination name, IP address and geographic region.

Destination Country

Displays the country session data is being sent to.

Note: This column is only available in the All Sessions console.

Destination Interface

Displays which interface session data is being sent through, e.g. wan1.

Destination Port

Displays the port number of the destination server being used to accept data.Note: This column is only available in the All Sessions console.

Device

Displays the device IP address or Fully Qualified Domain Name (FQDN).

Domain

Displays the domain associated with the selected web site, e.g. google.com.

Note: This column is only available in the Web Sites console.

DST Nat IP

NAT Destination

Displays the Network Address Translation (NAT) IP address associated with the destination server.Note: This column is only available in the All Sessions console.

DST Nat Port

NAT Destination Port

Displays the Network Address Translation (NAT) port number associated with the destination server.

Note: This column is only available in the All Sessions console.

Duration

Displays the amount of time (in seconds) a user has been logged in.

Note: This column is only available in the Admin Logins console.

Event Name (Description)

Displays the name and description of the selected security event.

Note: This column is only available in the System Events console.

Events

Displays the number of security events that occurred within a selected session.

Note: This column is only available in the System Events console.

Expires

Displays the amount of time a session has (in seconds) before it is set to expire.

Note: This column is only available in the All Sessions console, in now Time Display view.

Failed Logins

Displays the number of failed login attempts made by an administrator over the specified time period.

Note: This column is only available in the Admin Logins console.

Files (Up/Down)

Displays the number of files uploaded and downloaded. Hover the mouse cursor over the entry in the column for additional information.

Note: This column is only available in the Cloud Applications console.

FortiASIC

Displays the type of FortiASIC hardware acceleration used in the specified session, if present.

Note: This column is only available in the All Sessions console, in the now Time Display view.

Group

Displays the group ID associated with the selected session.

Note: This column is only available in the All Sessions console.

Last Connection Time

Displays the most recent instance of connection to the selected Virtual Private Network (VPN).

Note: This column is only available in the VPN console.

Level

Threat Level

Displays the threat level. Select the column header to sort entries by threat level.

Log ID

Displays the identification number for the data log associated with this entry.

Note: This column is only available in the All Sessions console.

Login IDs

Displays the number of login IDs associated with the selected cloud application.

Note: This column is only available in the Cloud Applications console, in Applications view.

Login Type

Displays the type of login (eg. WEP) associated with the displayed authentication attempt.

Note: This column is only available in the Failed Authentications console.

Logins

Displays the number of successful logins made by an administrator over the specified time period.

Note: This column is only available in the Admin Logins console.

Pending

Note: This column is only available in the FortiSandbox column, in Source view.

Policy ID

Displays the identification number of the policy under which the selected connection was allowed.

Security Action

Displays the action taken in response to the selected security event. The types of possible actions are as follows:

  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Sessions

Displays the number of sessions associated with the selected destination.

Note: This column only appears in the Destinations console, in the now Time Display view.

Sessions (Blocked/Allowed)

Displays the number of sessions blocked and allowed by FortiOs. In some consoles, entries can be sorted by number of sessions by selecting the column header.

Severity

Displays the severity level (Critical, High, Medium or Low) associated with the selected security event.

Source

Displays the source IP address and/or user ID, if applicable.

Source Interface

Displays which interface is being used by the destination server (eg. wan1).

Source Port

Displays the port number being used by the source server to send data.

Source SSID

Displays the Service Set Identifier (SSID) associated with the selected user.

Note: This column is only available in the Wifi Clients console.

Src NAT IP

NAT Source

Displays the Network Address Translation (NAT) IP address associated with the source server.

Src NAT Port

NAT Source Port

Displays the Network Address Translation (NAT) port number associated with the source server.

Status

The types of possible status' are Malicious, High, Medium, Low, Clean, Unknown, and Pending.

Note: This console is only available in the FortiSandbox console, in Files view.

Submitted

Displays the number of files submitted to the FortiSandbox for assessment in the selected session.

Note: This column is only available in the FortiSandbox console, in Files view.

Threat

Displays the threat type detected in the selected session.

Threat Score (Blocked/Allowed)

Displays the threat score value, a measurement of the total number of threats detected over the course of the session. You can select the column header to sort entries by threat score.

Threat Weight

Displays the threat weight profile associated with the selected session.

Timestamp

Displays the selected session's PHP timestamp.

User

User Name

Displays the user name associated with the selected administrator.

Videos Played

Displays the number of videos played via cloud applications.

Note: This column is only available in the Cloud Applications console.