Fortinet black logo

Administration Guide

Home FortiNDR 7.4.3 Administration Guide
7.4.3
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.0
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0

NDR Muting

NDR Muting

The Virtual Security Analyst > NDR Muting page displays a list of rules that no long appear as detections in Network Insights pages.

You can mute certain detections in the Botnet, FortiGuard IOC, Network Attacks, Weak/Vulnerable Communication, Encrypted Attack, and ML Discovery insight pages. Once the attack is muted, it will no longer appear as a detection.

Note

NDR Muting rules can be established in Center and Sensor mode. However, these rules only mask or hide specific NDR attack detections for that specific Center or Sensor. For instance, if you hide an attack on a Center, it does not automatically hide the same attack on the Sensor's user interface.

The NDR Muting displays the following information:

Last Modified The date and time the rule was last modified.
Rule ID The rule's unique ID.
Rule Type The rule type.
Rule The rule name and tag.
Created By The name of the admin who created the rule.
Comment Comments by the admin.

Status

The current status of the rule (enabled / disabled).

Muting rules in Network Insights

To mute an NDR Rule:
  1. Go to Network Insights and open a page.
  2. Right click a detection and select Add to NDR Mute Rule. The detection is muted and hidden in the page.
To view muted detections in Network Insights pages:
  1. Go to Network Insights and open a page.
  2. Disable NDR Mute OFF.

Managing muted rules

To enable/disable NDR muted rules:
  1. Go to Virtual Security Analyst > NDR Muting, and select a rule in the list.
  2. In the toolbar, click Edit.
To delete multiple rules:
  1. In the toolbar, click the Delete Multiple dropdown.
  2. Select one of the following:
    • Delete older than 30 days
    • Delete All
To delete an NDR rule:
  1. Go to Virtual Security Analyst > NDR Muting, and select a rule in the list.
  2. In the toolbar, click Delete.
Previous
Next

NDR Muting

The Virtual Security Analyst > NDR Muting page displays a list of rules that no long appear as detections in Network Insights pages.

You can mute certain detections in the Botnet, FortiGuard IOC, Network Attacks, Weak/Vulnerable Communication, Encrypted Attack, and ML Discovery insight pages. Once the attack is muted, it will no longer appear as a detection.

Note

NDR Muting rules can be established in Center and Sensor mode. However, these rules only mask or hide specific NDR attack detections for that specific Center or Sensor. For instance, if you hide an attack on a Center, it does not automatically hide the same attack on the Sensor's user interface.

The NDR Muting displays the following information:

Last Modified The date and time the rule was last modified.
Rule ID The rule's unique ID.
Rule Type The rule type.
Rule The rule name and tag.
Created By The name of the admin who created the rule.
Comment Comments by the admin.

Status

The current status of the rule (enabled / disabled).

Muting rules in Network Insights

To mute an NDR Rule:
  1. Go to Network Insights and open a page.
  2. Right click a detection and select Add to NDR Mute Rule. The detection is muted and hidden in the page.
To view muted detections in Network Insights pages:
  1. Go to Network Insights and open a page.
  2. Disable NDR Mute OFF.

Managing muted rules

To enable/disable NDR muted rules:
  1. Go to Virtual Security Analyst > NDR Muting, and select a rule in the list.
  2. In the toolbar, click Edit.
To delete multiple rules:
  1. In the toolbar, click the Delete Multiple dropdown.
  2. Select one of the following:
    • Delete older than 30 days
    • Delete All
To delete an NDR rule:
  1. Go to Virtual Security Analyst > NDR Muting, and select a rule in the list.
  2. In the toolbar, click Delete.
Previous
Next