
User Guide

Viewing investigation details


To view the investigation details:
  1. Go to Investigations.

  2. Click an investigation name. The investigation details page displays the following information:

    • Investigation Creator
    • Link to single or multiple related detections
    • IQL query
    • Notes (if any)
    • Date/time the query was added
    • Number of events (if complete)
    • Executed Playbooks that are part of that investigation
    • Close date (if investigation was closed)

    Tip: If the investigation contains more than one related detection, the MORE>> link appears. You can click the link to view all the related detections.

Query Status Icons

  • Query completed successfully. Results (if any) are available.
  • Query is currently running.
  • Query is queued to run. It will run automatically when resources are available.
  • Query failed due to an internal error. If the problem persists, please contact Fortinet support.

You can click any related detection name to view the detection details.


View results

Click View Results to view the following information:

  • IQL query string
  • Date range
  • Number of events
  • A table of the events, where you can:
    • Click the column filter to change the visible columns, in the same way as in the current event search, including column visibility sets.
    • Click the CSV button to export the results as a CSV file.

Tip: Hold down the Shift key and use the scroll wheel on your mouse to quickly scroll through the column headings.
