Document
Library

Administration Guide

Introduction
- Getting Started
- Standalone, Center and Sensor operating mode
- FortiNDR traffic and files input types
- Files and malware scan flow using AV and ANN
- Planning deployment
- Initial setup
Dashboard
- NDR Overview
- Malware Overview
- System Status
- Custom dashboards
- Dashboard widgets in Center mode
Network Insights
- Device Inventory
- Botnet
- FortiGuard IOC
- Network Attacks
- Weak/Vulnerable Communication
- Encrypted Attack
- Top talker
- Top application
- Top URL/Domain
- MITRE ATT&CK
- ML Discovery (Center Standalone)
- Anomaly tab
- Connection tab
- Session tab
Security Fabric
- Device Input
- Network Share
- Network Share Quarantine
- Fabric Connectors
  - ICAP Connectors
  - Security Fabric Connector
- Enforcement Settings
- Automation Framework
- Automation log
- FortiSandbox integration (FortiSandbox 4.0.1 and higher)
- FortiGate inline blocking (FOS 7.0.1 and higher)
- FortiGate integration (integrated mode with FOS 6.2 and higher)
Attack Scenario
- Attack scenario navigation and timeline
- Understanding kill chain and scenario engine
Host Story
Virtual Security Analyst
- Express Malware Analysis
- Outbreak Search
- Static Filter
- NDR Muting
- ML Configuration
- Malware Big Picture
- Device Enrichment
  - Creating a Device Enrichment Profile
Netflow
- Netflow Dashboard
- Netflow Log
Network
System
- Administrators
  - Password policy
- Admin Profiles
- Sensor Settings (Center Standalone)
- Firmware
- Settings
- SNMP
- FortiGuard
- Certificates
- High Availability (HA)
- Conserve Mode
- Backup or restore the system configuration
User & Authentication
- RADIUS Server
- LDAP Servers
Log & Report
- Malware Log
- NDR Log
- Events
- Daily Feature Learned
- Log Settings
- Alert Email Setting
- Email Alert Recipients
- NDR logs samples
- AV log samples
Troubleshooting
- FortiNDR troubleshooting tips
- FortiNDR health checks
- Rebuild RAID disk
- Managing FortiNDR disk usage for Center mode
- Managing FortiNDR disk usage for Standalone and Sensor mode
- Export malware
- Working with false positives and false negatives
- Troubleshoot ICAP and OFTP connection issues
- Troubleshoot Log Settings
- Troubleshoot Network Share
- Troubleshooting the VM License
- Troubleshooting the updater
- Troubleshooting tips for Network File Share
- Sensor logs not displaying in Center GUI
- Troubleshooting FortiNDR VM high CPU usage
- Troubleshooting inactive Netflow status
Appendix A: API guide
Appendix B: Sample script to submit files
Appendix C: FortiNDR ports
Appendix D: FortiGuard updates
Appendix E: Event severity level by category
Appendix F: IPv6 support
Appendix G: Supported Application Protocol List
Appendix H: File types and protocols
Appendix I: Operational Technology / SCADA vendor and application list
Appendix J: Center Sensor Deployment
Change Log

Home FortiNDR 7.4.3 Administration Guide

7.4.3

Admin Profiles

Admin Profiles

Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

Pre-defined profile types

The following pre-defined administrator profiles cannot be modified or deleted:

OperatorProfile: Can view certain pages. This profile cannot change any system settings.
SuperAdminProfile: All functionalities are accessible.

Access Permissions

The following table shows the default settings for the pre-defined profile types:

Access Permissions	Operator Profile	SuperAdminProfile
System status	Read	Read/Write
System Access	None	Read/Write
System Configuration	None	Read/Write
System Maintenance	None	Read/Write
Virtual Security Analyst	Read	Read/Write

To create an Admin Profile:

Go to System > Admin Profiles.
Click Create New. The Create Access Profile page opens.

Configure the Access Permissions.

Access Permissions	Description
System status	Grant permissions to settings critical to FortiNDR network accessibility, including GUI console, Network, Administrators, Admin Profiles, Certificates, and RADIUS/LDAP authentication.
System Access	Grant permission to modify other system settings such as system time settings, system FortiGuard update, and Security Fabric settings.
System Configuration	Grant permissions to access system maintenance settings such as back up system configuration, restore configuration, and restore firmware.
System Maintenance	Grant permissions to access to the system to check its status. Users with this permission set to none cannot log into the system. The default is none in the GUI.
Virtual Security Analyst	Grant permissions to access settings in Virtual Security Analyst such as Express Malware Analysis, Outbreak Search, Static Filter, NDR Muting, ML Configuration, Malware Big Picture and Device Enrichment.

System status Grant access to Dashboard > System Status System Access Grant access to the features in Security Fabric System Configuration Grant access to the features in Network System Maintenance Grant access to the features in System Virtual Security Analyst Grant access to the features in Virtual Security Analyst

If you are operating in Center mode, select a sensor.
1. Under Sensor, click Selection.
2. Select the sensor from the list and click Close.
Click OK.

Previous

Next

Admin Profiles

Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

Pre-defined profile types

The following pre-defined administrator profiles cannot be modified or deleted:

OperatorProfile: Can view certain pages. This profile cannot change any system settings.
SuperAdminProfile: All functionalities are accessible.

Access Permissions

The following table shows the default settings for the pre-defined profile types:

Access Permissions	Operator Profile	SuperAdminProfile
System status	Read	Read/Write
System Access	None	Read/Write
System Configuration	None	Read/Write
System Maintenance	None	Read/Write
Virtual Security Analyst	Read	Read/Write

To create an Admin Profile:

Go to System > Admin Profiles.
Click Create New. The Create Access Profile page opens.

Configure the Access Permissions.

Access Permissions	Description
System status	Grant permissions to settings critical to FortiNDR network accessibility, including GUI console, Network, Administrators, Admin Profiles, Certificates, and RADIUS/LDAP authentication.
System Access	Grant permission to modify other system settings such as system time settings, system FortiGuard update, and Security Fabric settings.
System Configuration	Grant permissions to access system maintenance settings such as back up system configuration, restore configuration, and restore firmware.
System Maintenance	Grant permissions to access to the system to check its status. Users with this permission set to none cannot log into the system. The default is none in the GUI.
Virtual Security Analyst	Grant permissions to access settings in Virtual Security Analyst such as Express Malware Analysis, Outbreak Search, Static Filter, NDR Muting, ML Configuration, Malware Big Picture and Device Enrichment.

System status Grant access to Dashboard > System Status System Access Grant access to the features in Security Fabric System Configuration Grant access to the features in Network System Maintenance Grant access to the features in System Virtual Security Analyst Grant access to the features in Virtual Security Analyst

If you are operating in Center mode, select a sensor.
1. Under Sensor, click Selection.
2. Select the sensor from the list and click Close.
Click OK.

Previous

Next