Administration Guide

Endpoint vulnerability dashboard

Note

To use this dashboard in FortiAnalyzer, you must connect and authorize a FortiClient EMS device and create an EMS connector.

The Endpoint Vulnerability dashboard displays endpoint vulnerability information from EMS connectors. It includes the following widgets:

| Widget | Description |
| --- | --- |
| Endpoints by Vulnerability Severity | A donut chart displaying the endpoints by vulnerability severity. |
| Vulnerability Age Distribution (Total Count), Vulnerability Age Distribution (Unique Vuln) | Donut charts displaying vulnerabilities (total and unique) by age. |
| Top 10 Vulnerable Windows, Top 10 Vulnerable MacOS, Top 10 Vulnerable Linux | Bar charts displaying the endpoints with the largest number of critical and high vulnerabilities. |
| Historical Trends Windows, Historical Trends MacOS, Historical Trends Linux | Line charts displaying the historical trends of vulnerabilities by severity. |
| Top Vuln App Trend | A line chart displaying the top vulnerable apps over time. |
| Vuln Per Category | A bar chart displaying the number of vulnerabilities by category. |
| Top 20 Vulnerable Applications | A bar chart displaying the number of critical and high vulnerabilities by application. |
| Top 10 Vulnerabilities Windows, Top 10 Vulnerabilities MacOS, Top 10 Vulnerabilities Linux | Tables displaying the top vulnerabilities. |
| Top 20 Users Own Multiple Devices | A table displaying the users, including their number of unique hosts and a list of their devices. |

To collect information for the managed endpoint vulnerability dashboard:
  1. In Fabric View > Fabric Connectors, create an EMS connector. See Creating or editing Security Fabric connectors.

    Once the first EMS connector is configured, the Update Asset, Identity and Vulnerability in Sequence playbook is automatically created in Fabric View > Automation > Playbook. This default playbook gets the endpoints and their vulnerabilities from EMS. It is scheduled to run once per day, but it can be edited according to your needs. See Playbooks.

  2. In Fabric View > Asset Identity Center > Asset Identity List > Asset List, click More > Data Sources.

    The Data Source Selection dialog displays.

  3. Click Create New.

  4. Configure the following, and then click OK.

    1. From the Data Source dropdown, select EMS Connector.

    2. Enable the Status.

    3. For the Connectors field, select the EMS connector that you have created.

  5. In Device Manager, authorize the EMS device.

    The EMS device will receive the related endpoint vulnerability logs.

    When the playbook runs, it calls the EMS API to get all endpoint and vulnerability data, which is then inserted as FortiAnalyzer Fabric (SIEM) logs. The predefined EMS-Connector Log Parser is used to parse the logs; you can find this parser in Incidents & Events > Log Parser > Log Parsers.

    Multiple EMS connectors are supported. If needed, repeat the steps to create another EMS connector.
