Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.b
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home 26.1.b User Guide

    Muting

    Muting

    Muting allows you to ignore authorized and expected behaviors to identify anomalies for the specific host. When a detector is muted, any related detection will have a status of Muted. This means a notification will not be generated for the detection. A muted detection will auto-resolve after the specified time frame or can be resolved manually.

    To view all muted devices, detectors, and detections, go to the Mutes and Excludes.

    Mute all detectors for a device

    Muting a device for all detectors is most commonly used for devices such as sandboxes and vulnerability scanners, which routinely trigger detections as part of their normal operation. Because these alerts are expected, muting such devices is often one of the first steps when configuring FortiNDR Cloud.

    To mute a device for all detectors:
    1. Go to Detections > Triage Detections.
    2. In the toolbar, click the gear icon and select Muted Devices. The Mutes and Excludes page opens.
    3. Scroll down to the Muted Devices section and click Add New device Range.
    4. Configure the muted device/range.

      Setting

      Description

      Device IP or RangeEnter an IP address or CIDR range.
      DetectorSelect a detector from the dropdown.
      DescriptionAdd an optional description of the device(s).
    5. In the Device IP or Range field, .
    6. Click Add Device(s).

    Mute a detector

    Muting a detector will cause all its future detections to be muted, regardless of which device triggered the detector. This is commonly used for posture-aware detectors that identify approved or expected behavior.

    To mute a detector:
    1. Go to Detections > Triage Detections.
    2. In the toolbar, enable table view .
    3. In the Actions column, select Mute Detector.

    4. In the dialog that opens, enter a comment in the Comments field, and click Mute Detector.

    Mute a device

    You can mute a device for a detection, detector or an account. This is commonly used for suspicious behaviors from approved devices, such as remote access from an administrator workstation. Detections that contain a muted detector are appended with Muted in the Status of column of the Detections Table.

    To mute a device from Triage Detections:
    1. Go to Detections > Triage Detections and open a detector.
    2. In the Impacted Devices tab, select the detection that contains the device and detector.
    3. In the Actions column, click the actions menu and select one of the following options:
      • Mute Device for Detection
      • Mute Device for Detector
      • Mute Device for Account
    4. In the dialog that opens, enter a comment in the Comments field, and click Mute Device.
    To mute a device from the Detections Table:
    1. Go to Detections > Detections Table.
    2. Select a detection in the list.
    3. In the Actions column, click the actions menu and select one of the following options:
      • Mute Device for Detection
      • Mute Device for Detector
      • Mute Device for Account
    4. In the dialog that opens, enter a comment in the Comments field, and click Mute Device.

    Viewing muted devices

    From

    Description

    Mutes and Excludes
    1. Go to Settings > Mutes and Excludes.
    2. Scroll down to the Muted Devices.
    Detections
    1. Go to Detections >Triage Detections.
    2. In the toolbar, click gear icon .
    3. Under Actions select Muted Devices.
    Detections Table
    1. Go to Detections > Detections Table.
    2. Click the column selector and show the Device Muted column.
    Previous
    Next

    Muting

    Muting

    Muting allows you to ignore authorized and expected behaviors to identify anomalies for the specific host. When a detector is muted, any related detection will have a status of Muted. This means a notification will not be generated for the detection. A muted detection will auto-resolve after the specified time frame or can be resolved manually.

    To view all muted devices, detectors, and detections, go to the Mutes and Excludes.

    Mute all detectors for a device

    Muting a device for all detectors is most commonly used for devices such as sandboxes and vulnerability scanners, which routinely trigger detections as part of their normal operation. Because these alerts are expected, muting such devices is often one of the first steps when configuring FortiNDR Cloud.

    To mute a device for all detectors:
    1. Go to Detections > Triage Detections.
    2. In the toolbar, click the gear icon and select Muted Devices. The Mutes and Excludes page opens.
    3. Scroll down to the Muted Devices section and click Add New device Range.
    4. Configure the muted device/range.

      Setting

      Description

      Device IP or RangeEnter an IP address or CIDR range.
      DetectorSelect a detector from the dropdown.
      DescriptionAdd an optional description of the device(s).
    5. In the Device IP or Range field, .
    6. Click Add Device(s).

    Mute a detector

    Muting a detector will cause all its future detections to be muted, regardless of which device triggered the detector. This is commonly used for posture-aware detectors that identify approved or expected behavior.

    To mute a detector:
    1. Go to Detections > Triage Detections.
    2. In the toolbar, enable table view .
    3. In the Actions column, select Mute Detector.

    4. In the dialog that opens, enter a comment in the Comments field, and click Mute Detector.

    Mute a device

    You can mute a device for a detection, detector or an account. This is commonly used for suspicious behaviors from approved devices, such as remote access from an administrator workstation. Detections that contain a muted detector are appended with Muted in the Status of column of the Detections Table.

    To mute a device from Triage Detections:
    1. Go to Detections > Triage Detections and open a detector.
    2. In the Impacted Devices tab, select the detection that contains the device and detector.
    3. In the Actions column, click the actions menu and select one of the following options:
      • Mute Device for Detection
      • Mute Device for Detector
      • Mute Device for Account
    4. In the dialog that opens, enter a comment in the Comments field, and click Mute Device.
    To mute a device from the Detections Table:
    1. Go to Detections > Detections Table.
    2. Select a detection in the list.
    3. In the Actions column, click the actions menu and select one of the following options:
      • Mute Device for Detection
      • Mute Device for Detector
      • Mute Device for Account
    4. In the dialog that opens, enter a comment in the Comments field, and click Mute Device.

    Viewing muted devices

    From

    Description

    Mutes and Excludes
    1. Go to Settings > Mutes and Excludes.
    2. Scroll down to the Muted Devices.
    Detections
    1. Go to Detections >Triage Detections.
    2. In the toolbar, click gear icon .
    3. Under Actions select Muted Devices.
    Detections Table
    1. Go to Detections > Detections Table.
    2. Click the column selector and show the Device Muted column.
    Previous
    Next