Document
Library

Administration Guide

Introduction
- Getting started
- Standalone, Center and Sensor operating mode
- FortiNDR traffic and files input types
- Files and malware scan flow using AV and ANN
- Planning deployment
- Initial setup
Dashboard
- NDR Overview
- Malware Overview
- System Status
- Custom dashboards
- Dashboard widgets in Center mode
Network Insights
- Device Inventory
- Botnet
- FortiGuard IOC
- Network Attacks
- Weak/Vulnerable Communication
- Encrypted Attack
- ML Discovery (Center Standalone)
- Anomaly tab
- Connection tab
- Session tab
Security Fabric
- Device Input
- Network Share
- Network Share Quarantine
- Fabric Connectors
  - ICAP Connectors
  - Security Fabric Connector
- Enforcement Settings
- Automation Framework
- Automation log
- FortiSandbox integration (FortiSandbox 4.0.1 and higher)
- FortiGate inline blocking (FOS 7.0.1 and higher)
- FortiGate integration (integrated mode with FOS 6.2 and higher)
Attack Scenario
- Attack scenario navigation and timeline
- Understanding kill chain and scenario engine
Host Story
Virtual Security Analyst
- Express Malware Analysis
- Outbreak Search
- Static Filter
- NDR Muting
- ML Configuration
- Malware Big Picture
- Device Enrichment
  - Creating a Device Enrichment Profile
Netflow
- Netflow Dashboard
- Netflow Log
Network
System
- Administrators
- Admin Profiles
- Sensor Settings (Center Standalone)
- Firmware
- Settings
- FortiGuard
- Certificates
- High Availability (HA)
- Conserve Mode
- Backup or restore the system configuration
User & Authentication
- RADIUS Server
- LDAP Servers
Log & Report
- Malware Log
- NDR Log
- Events
- Daily Feature Learned
- Log Settings
- Alert Email Setting
- Email Alert Recipients
- NDR logs samples
- AV log samples
Troubleshooting
- FortiNDR troubleshooting tips
- FortiNDR health checks
- Rebuild RAID disk
- Managing FortiNDR disk usage for Center mode
- Managing FortiNDR disk usage for Standalone and Sensor mode
- Export malware
- Working with false positives and false negatives
- Troubleshoot ICAP and OFTP connection issues
- Troubleshoot Log Settings
- Troubleshoot Network Share
- Troubleshooting the VM License
- Troubleshooting the updater
- Troubleshooting tips for Network File Share
- Sensor logs not displaying in Center GUI
- Troubleshooting FortiNDR VM high CPU usage
Appendix A: API guide
Appendix B: Sample script to submit files
Appendix C: FortiNDR ports
Appendix D: FortiGuard updates
Appendix E: Event severity level by category
Appendix F: IPv6 support
Appendix G : Supported Application Protocol List
Appendix H: File types and protocols
Appendix I: Operational Technology / SCADA vendor and application list
Change Log

Home FortiNDR 7.4.1 Administration Guide

7.4.1

Appendix E: Event severity level by category

Appendix E: Event severity level by category

Event Category	NDR Detection Severity Level
Malware Detection	Low\|Medium\|High\|Critical
Botnet Detection/Netflow Botnet Detection	Critical
Encryption Attack Detection	Critical
Network Attack Detection	Low\|Medium\|High\|Critical
Indication of Compromise Detection	Critical
Weak Cipher and Vulnerable Protocol Detection	Low\|Medium\|High\|Critical
Machine Learning Detection	Low\|Medium\|High\|Critical

Previous

Next

Appendix E: Event severity level by category

Event Category	NDR Detection Severity Level
Malware Detection	Low\|Medium\|High\|Critical
Botnet Detection/Netflow Botnet Detection	Critical
Encryption Attack Detection	Critical
Network Attack Detection	Low\|Medium\|High\|Critical
Indication of Compromise Detection	Critical
Weak Cipher and Vulnerable Protocol Detection	Low\|Medium\|High\|Critical
Machine Learning Detection	Low\|Medium\|High\|Critical

Previous

Next