DOCUMENT LIBRARY
26.2.0
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
|
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
|
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
|
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Application Delivery
FortiADC
|
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
|
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
|
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
|
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
FortiTIP Cloud
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Application Delivery Controller
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIGate
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiWeb Manager
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
All Products
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIGate
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
FortiGate / FortiOS
FortiManager
FortiAnalyzer
Administration Guide
Getting started
Onboarding
Onboarding dashboard
Onboarding process overview
Onboarding tasks
Accessing FortiCNAPP
Logging in through FortiCloud
Logging in with your FortiCNAPP credentials
Navigating FortiCloud Services
Migration to FortiCloud FAQ
FortiCNAPP FAQ
Additional resources
Security Fabric integration
FortiAnalyzer
FortiGate
FortiSIEM
FortiSOAR
Explorer
Query builder
Running saved queries
Building a query
Working with query results
Explorer risk score
Explorer graph
Graph examples
Workflows
Example workflow:Â Show all hosts with Log4j vulnerability
Resource inventory
Using the resource inventory
Oracle Cloud Infrastructure inventory
Threat Center
Alerts
Viewing alert details
FortiCNAPPÂ AI Assist
Filtering alerts
Security Insights FAQ
AWS Security Hub
Amazon GuardDuty
AWS built-in package
Cloud logs
Cloud activity logs
Cloud activity integrations
AWS CloudTrail
Azure Activity Log
GCP Audit Log
Log Types
Kubernetes Activity Logs
Kubernetes Audit Log Integrations
Amazon EKS Audit Log Integration
EKS Audit Log Integration Using Terraform
EKS Audit Log Integration Using CloudFormation
EKS Audit Log Manual Integration
Disable or Delete EKS Audit Log Integrations
Download CloudFormation Template Files Using the API
Manage an EKS Audit Log Integration Using Terraform
GKE Audit Logs
Kubernetes Audit Logs for GKE
GKE Audit Log Integration - Terraform
GKE Audit Log Integration - Manual
GKE Audit Log FAQ
Kubernetes Dashboard
Kubernetes Security FAQ
Workloads
Workload security dashboards
Hosts
Dashboard navigation and filters
Applications
Files
Machines
Networks
Processes
Users
Containers
Agentless workload scanning
Agentless workload scanning overview
Before you begin
Integrating your AWSÂ environment
CloudFormation
Agentless workload scanning for AWS - single account integration using CloudFormation
Agentless Workload Scanning for AWS - Organization Integration (CloudFormation)
Terraform
Prerequisites
Configuring IAM permissions for deployment
IAM permissions used during workload scanning
Integrating agentless workload scanning for AWS single account with Terraform
Integrating agentless workload scanning for AWS organization account with Terraform
Integrating your Google Cloud environment
Terraform
Prerequisites
Google Cloud IAM permissions required for deployment
IAM permissions used during workload scanning
Deploying agentless workload scanning for a project on Google Cloud
Deploying agentless workload scanning for an organization on Google Cloud
Integrating your Azure environment
Integration types
Preparing for integration
Deploying agentless workload scanning on Azure
Removing an agentless workload scanning integration
FortiCNAPP console
Viewing agentless workload scanning results
Managing your agentless workload scanning integration
Secrets detected by agentless workload scanning
Agentless scanning for Windows
Agentless workload scanning FAQs
Agent-based workload security
Linux agent-based workload security
Install the Linux Agent
Linux agent install checklist
Required connectivity, proxies, and certificates for agents
Downloading GPG and RSA keys to verify agent release package signature
Managing agent access tokens
Downloading the Linux agent installer
Configuring access to tags and metadata in AWS
Configuring access to labels in Google Cloud
Install on Hosts
Installing using the install.sh script
Installing with the FortiCNAPP CLI
Installing from package repositories
Installing with a DEB or RPM package
Installing with Chef
Installing with Ansible
Installing on AWS EC2 with Terraform and AWS Systems Manager
Installing with an AMI created with Packer
Installing on Alpine Linux
Install Linux Agent with AWS Elastic Beanstalk
Installing on a GCE host
Installing on CoreOS
Install on Containers
Deploying with Docker
Deploying on AWS Fargate for ECS
Installing on AWS ECS as a daemon service (EC2 launch type)
Deploying on Google Cloud Run
Install on Kubernetes
Installing Linux agent on Kubernetes
Deploying on AWS Fargate for EKS
Install Linux Agent on GKE Autopilot
How FortiCNAPP derives the K8s cluster name
View Kubernetes Clusters or Node Types in FortiCNAPP console
Change Agent Resource Installation Limits on Kubernetes Environments
Troubleshoot a Failed Linux Agent Installation
Configure the Linux Agent
Configure Linux Agent Using the FortiCNAPP console
Configure Linux Agent Using Agent Configuration File
Configure Linux Agent Using Environment Variables
Specifying the agent server URL
Adding agent tags
Run Agent as Non-Root User
Agent Administration
Viewing Linux agent status
Viewing agent versions
Viewing Linux agent logs
Viewing agent details on the FortiCNAPP console
Viewing host details on the FortiCNAPP console
Starting, stopping, or restarting the Linux agent
Upgrading the Linux agent
Uninstall the Linux Agent
Linux Agent FAQs
File Integrity Monitoring (FIM) FAQs
Windows agent-based workload security
Installing the Windows agent
Windows agent installation prerequisites
Downloading the Windows agent installer
Windows agent install options
Installing the Windows agent from the command line
Installing the Windows agent using a PowerShell script
Install Windows Agent on AWS with Packer
Installing the Windows agent on Azure VMs using a PowerShell script
Installing Windows Agent with Azure Resource Manager
Installing Windows agent on Azure VMs using Terraform
Windows agent installation options on K8s
Installing Windows agent on AKS or EKS clusters using a Helm Chart
Configuring Windows Agent on AKS or EKS Clusters using Helm Chart
Verify the Windows Agent Installation
View Windows Agent Details and Alerts
Configuring the Windows agent
Configure Windows Agent Using the Configuration File
Use a Network Proxy for Windows Agent Traffic
Configure Access to Tags in AWS
Configuring access to labels in Google Cloud
Add Custom Agent Tags
Add the Windows Agent as a Trusted Entity
File and registry integrity monitoring for Windows
File Integrity Monitoring for Windows Overview
Configure FIM Properties for Windows Agent
Monitor Changes to Windows Registry
Restarting, upgrading, or uninstalling the Windows agent
Restarting the Windows agent
Upgrading the Windows agent
Uninstalling the Windows agent
Troubleshooting the Windows agent
Troubleshooting a failed installation
Roll Back a Windows Agent Installation
Review the Windows Agent Log Files
Agents
Agent health monitoring
Agent coverage dashboard
Probes dashboard
Legacy Agent Dossier
Threat policy management
Creating a custom violation policy
Cloning policies
Editing custom policies
Suppressing behavior anomaly alerts
Suppressing crawler-related alerts
Risk Center
Unified risk management
Creating Explorer policies
Risk Insights
Risk categories
Viewing insights
Risk insights table fields
Viewing insight details
Affected resource context panel
Creating, tuning, and cloning insights
Creating remediation tickets
Risk Alerts
Risk Visibility
Attack Path Analysis
Top Work Items
Path Investigation
Supported Attack Paths
Attack Path Risk Calculation
Attack Path Secrets Detection
Attack Path Cloud Feature Comparison
Attack Path FAQ
Exposure Polygraph
Compliance
Cloud compliance
Cloud Compliance Dashboard
Kubernetes compliance
Kubernetes Compliance Dashboard
Kubernetes Compliance FAQs
Kubernetes Troubleshooting
Posture Policies
Create a Custom Compliance Policy
Modify Compliance and Violation Policies
Manage Custom Policies with Terraform
Manage Policy Exceptions with Terraform
Add Compliance Policy Exceptions in the FortiCNAPP console
Manage Compliance Policy Exceptions in the FortiCNAPP console
Add or Edit Compliance Policy Exceptions through the FortiCNAPP API
Identity Security
Identities
Integrate AWS Identity
Integrate Azure Identity
Integrate Google Cloud Identity/Workspace
CIEM policies
Overview
Top Identity Risks
Explore
Identity Details
Risk Remediation
Excessive Privilege Risk Remediation
Identity Risk Remediation Tickets
Identity Risk Exceptions
Entitlement Risks
Identity Datasources
Identity Policy Details
Use Cases
Identities FAQ
Vulnerabilities
Vulnerabilities dashboard
Vulnerabilities overview dashboard
Top items dashboard
Explore
Managing dashboard widgets
Working with queries
Host Vulnerabilities
Host Vulnerability Assessment Overview
Host Image Support
Host OS and language library support for vulnerability assessment
Host Vulnerability - Scanning of Language Libraries and Package Managers
Fix a Vulnerability on Linux Hosts
When Linux Host Assessments Identify a Vulnerability as Fixed
Multiple Fixed Parallel Package Versions
When Host Assessment Metrics Carry Forward
Host Vulnerability - FAQs
Container vulnerabilities
Container vulnerability assessment overview
Types of scanning
Container image support
Container Vulnerability - Scanning of Language Libraries and Package Managers
Base image scanning
Local scanning quickstart
FortiCNAPP API & CLI - Container Vulnerability
How to & Troubleshooting - Container Vulnerability
Container Vulnerability - FAQs
Unscanned Active Images - FAQs
Vulnerability Exceptions
Vulnerability Exceptions Overview
FortiCNAPP console - Vulnerability Exceptions
Create and Manage Vulnerability Exceptions
Vulnerability Policies
Container Vulnerability Policies
FortiCNAPP Risk Score
Active package detection
Integrate container registries
Integrate platform scanner
Platform scanner overview
Integrate Amazon elastic container registry
Integrate Docker Hub
Integrate a Docker V2 Registry
Integrate GitHub Container Registry
Integrate Google Artifact Registry
Integrate Google Container Registry
Integrate Proxy Scanner
Integrate Proxy Scanner with JFrog Registry
Integrate Proxy Scanner with JFrog Registry - Auto Polling
Integrate Proxy Scanner with JFrog Registry - Notification/On-demand
Integrate Proxy Scanner with Sonatype Nexus Registry
Integrate Inline Scanner
Integrate the FortiCNAPP Inline Scanner with CI Pipelines
Integrate with Kubernetes Admission Controller
Integrate FortiCNAPP with Security in Jira
Integrate with ServiceNow
Code Security
Overview
Code Security support matrix
Integration and feature matrix
Getting started
Requirements
Integrating with an SCM
GitHub
GitLab
Bitbucket
Managing source control management integrations
Integrated Code Security scanning triggers
Integrate with a CI/CD pipeline
Infrastructure-as-Code Security
General requirements
Integrate with Atlantis
Azure DevOps integration
GitHub actions
GitLab pipeline
GitLab self-hosted pipeline
Jenkins integration
SCA and SAST
General requirements
Tutorial with GitHub actions
Tutorial with GitLab pipeline
Leveraging the codesec.yaml file
Navigating the Infrastructure-as-Code security pages
Overview
Assessments
Repositories
Pipelines
Violations
Overview
Violations
Policies
FortiCNAPP IaC policies
Navigating the Application security pages
Overview
Vulnerabilities: Internal code
Vulnerabilities: 3rd party
Vulnerabilities: Hard-coded secrets
Repositories
Components
Features
Infrastructure-as-Code Security
Supported languages
Opal Engine
Opal overview
Getting started with Opal
Writing custom Opal policies
Testing custom Opal policies
Opal output
Opal examples
Software Composition Analysis (SCA)
Languages supported by SCA
SBOM management
License compliance
SmartFix
Application Context Filtering (ACF)
Active vulnerability detection correlation
Static application security testing (SAST)
Languages supported by SAST
Go
Java
JavaScript
PHP
Python
Typescript
Secrets detection
Detectable secrets
IDE extensions
VS Code
Cursor
Exception management
Configuring exceptions
Removing exceptions
Exceptions example
Pull request commenting
Legacy IaC Security overview
Getting started with IaC Security
CLI usage
IaC support matrix
Legacy FortiCNAPP IaC policies
Legacy CI/CD integrations
Legacy Atlantis integration
Legacy Azure DevOps (beta)
Legacy GitHub actions
GitLab
Legacy GitLab pipeline
Legacy GitLab self-hosted pipeline
Legacy Jenkins integration
IaC Compliance Scanning
Language support
Configuring IaC Security settings
Modifying IaC Security policies
Using repositories
Using findings
Viewing violations
Enforcing checks before merging
Pull Request build status
Configure the Code Security app
IaC Security FAQs
Frequently asked questions and troubleshooting
Migrating to FortiCNAPP IaC v2
Troubleshooting failed Git status checks
Code Security repository scanning process
DSPM
Integrating DSPM scanning with your AWS cloud accounts
Integrating DSPM scanning with your Azure cloud accounts
DSPM cloud account setup
Data policies
Risk center Insights and DSPM
Explorer and DSPM
Resource inventory and DSPM
Governance
Managing queries
Managing policies
Platform policies and alerts
Managing policy frameworks
Administrator guide
FortiCNAPP console overview
Views management
Polygraphs
FortiCNAPP polygraph
Viewing the polygraph of Cloud activities
Viewing the polygraph of host activities
Viewing the polygraph of containers activities
Viewing the polygraph of Kubernetes activities
FortiCNAPP Polygraph FAQ
Dashboard
Accessing the Dashboard
Configuring the Dashboard
Custom Dashboard views
Configure alert channels
Alert channels
Alert rules
Amazon EventBridge Alert Channel
Amazon Security Lake alert channel
AWS Security Hub alert channel
Azure DevOps alert channel
Cisco Webex Teams alert channel
Datadog alert channel
Elastic/ELK Stack alert channel
Email alert channel
FortiSIEM alert channel
FortiSOAR alert channel
Google Cloud Pub/Sub alert channel
Google Eventarc alert channel
IBM QRadar alert channel
Jira alert channel
Microsoft Teams alert channel
New Relic alert channel
Opsgenie alert channel
PagerDuty alert channel
ServiceNow alert channel
Slack alert channel
Splunk alert channel
Sumo Logic alert channel
VictorOps (Splunk On-Call) alert channel
Custom webhook alert channel
Reports
Authentication configuration
FortiCloud integrated authentication
IAM users
API access to FortiCNAPP through FortiCloud
SAML and external IdP
Legacy authentication configuration
Enable SAML
Google OAuth Configuration
Okta SAML SSO
Okta SAML JIT
Google Workspace SAML SSO
Google Workspace SAML JIT
Microsoft Entra ID SAML SSO
Microsoft Entra ID SAML JIT
OneLogin SAML SSO
OneLogin SAML JIT
SAML SSO with Red Hat Keycloak
SAML SSO with AWS
Access control and authorization
FortiCloud integrated access control
Access and permission profiles
Legacy access control overview
Managing access at the organization level
Managing access at the account level
Access control at the organization level
Access control at the account level
Settings
Integrations
Cloud accounts
Update AWS account name in the console
Container registries
Security in Jira
Configuration
Resource Groups
API keys
Agent Tokens
Report rules
Data Shares and Export
S3 data export and Snowflake data share
Data share and data export use cases
Request a Snowflake data share
Snowflake Data Share Views
ALERT_DETAILS_V view
ALERT_EVIDENCE_V view
ALERTS_V view
ALL_FILES_V view
APPLICATIONS_V view
CHANGE_FILES_V view
CLOUD_COMPLIANCE_V view
CLOUD_CONFIGURATION_V view
CLOUD_RESOURCES_V view
CMDLINE_V view
CONNECTIONS_V view
CONTAINER_SUMMARY_V view
CONTAINER_VULN_DETAILS_V view
DNS_QUERY_V view
HOST_VULN_DETAILS_V view
IMAGE_V view
INTERFACES_V view
INTERNAL_IPA_V view
MACHINE_DETAILS_V view
MACHINE_SUMMARY_V view
NEW_HASHES_V view
PACKAGE_V view
POD_SUMMARY_V view
PROCESS_SUMMARY_V view
USER_DETAILS_V view
USER_LOGIN_V view
S3 Data Exporter
Amazon S3 data export
Amazon S3 data export views and folder structure
Agent Management V view
General
Configure Risk Scores
My Settings
My Profile
Organizations
Organization overview
Subscription and Usage
Viewing subscription status
Assigning packages to accounts
Allocating packages to resource groups
Subscription Usage
Usage
License
Audit logs
Team members
Authentication overview
Integration
AWS integration
FortiCNAPP Foundational Technical Review Assessor
AWS integration using Terraform
AWS Integration - Automated
AWS Integration - Guided Configuration
AWS Integration - Terraform from AWS CloudShell
AWS Integration - Terraform from Any Supported Host
AWS integration using CloudFormation
AWS Control Tower integration using CloudFormation
Integration with S3 Buckets Using SSE-KMS
AWS console
AWS CloudTrail Integration Prerequisites
AWS Configuration Integration Prerequisites
AWS Integration - Manual Configuration
AWS GovCloud Integration
AWS CloudTrail Integration for Organizations
AWS CloudTrail Account Mapping for Organizations
Update the External ID of an Existing AWS Integration
Customizing your configuration integration
FortiCNAPP for AWS FAQ
Azure integration
Create an Azure App for Integration
Azure integration using Terraform
Azure Integration - Automated
Azure Integration - Guided Configuration
Azure Integration - Terraform from Azure Cloud Shell
Azure Integration - Terraform from Any Supported Host
Azure portal
Azure Activity Log Integration - Manual Configuration
Azure Configuration Integration - Manual Configuration
Gather Azure Client ID, Tenant ID, and Client Secret
FortiCNAPP for Azure FAQ
Google Cloud integration
Required Roles for Google Cloud Configuration and Audit Log Integrations
Create a Google Cloud Service Account and Grant Access
Google Cloud integration using Terraform
Google Cloud Integration - Automated
Google Cloud Integration - Guided Configuration
Pub/Sub-Based Google Cloud Integration - Terraform from Google Cloud Shell
Pub/Sub-Based Google Cloud Integration - Terraform from Any Supported Host
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration Using Terraform
Storage-Based Google Cloud Integration - Terraform from Google Cloud Shell
Storage-Based Google Cloud Integration - Terraform from Any Supported Host
Google cloud console
Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Storage-Based Google Cloud Audit Log Integration - Manual Configuration
Google Cloud Configuration Integration - Manual Configuration
Enable the Required Google Cloud APIs
Delete a FortiCNAPP Integration from Google Cloud
FortiCNAPP for Google Cloud FAQ
OCI integration
Required Roles for OCI Integration
OCI integration using Terraform
Integrate OCI Manually
Set up a FortiCNAPP User in OCI
Add the OCI Integration
Provision Access to OCI Resources with Resource Groups
Rotate the OCI API Key
Kubernetes compliance integration
Supported environments and prerequisites
Kubernetes compliance integration using Helm
Kubernetes compliance integration using Terraform
Terraform for FortiCNAPP
Getting started with Terraform for FortiCNAPP
Single role Terraform deployment
Manage cloud integrations with Terraform
Maintain cloud integrations with Terraform
Manage alert channels with Terraform
Configuring alert profiles with Terraform
Manage alert rules with Terraform
Managing resource groups with Terraform
Appendix A - Inbound and outbound connections
Appendix B - AI transparency: FortiCNAPP AI Assist
Appendix C - Customer opt-in for generative AI features
Home
26.2.0
Administration Guide
Cloud logs
Cloud logs
Cloud logs consists of the following:
Cloud Activity Logs
Kubernetes Activity Logs
Previous
Next
Cloud logs
Cloud logs
Cloud logs consists of the following:
Cloud Activity Logs
Kubernetes Activity Logs
Previous
Next
Home
Products
Summary
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By Solution
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By 4D Pillars
Secure SD-WAN
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Application Delivery
FortiADC
FortiGSLB
Secure Access Service Edge(SASE)
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
ZTNA
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
LAN Edge
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity and Access Management
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application Firewall
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
By Cloud
Public Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
Private Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
FortiCloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Best Practices
4D Resources
Define, Design, Deploy, Demo
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Application Delivery Controller
Solution Hubs
Curated Links by Solution
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
Hardware Guides
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Products A-Z
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIGate
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiWeb Manager
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
Table of Contents
Getting started
Onboarding
Onboarding dashboard
Onboarding process overview
Onboarding tasks
Accessing FortiCNAPP
Logging in through FortiCloud
Logging in with your FortiCNAPP credentials
Navigating FortiCloud Services
Migration to FortiCloud FAQ
FortiCNAPP FAQ
Additional resources
Security Fabric integration
FortiAnalyzer
FortiGate
FortiSIEM
FortiSOAR
Explorer
Query builder
Running saved queries
Building a query
Working with query results
Explorer risk score
Explorer graph
Graph examples
Workflows
Example workflow:Â Show all hosts with Log4j vulnerability
Resource inventory
Using the resource inventory
Oracle Cloud Infrastructure inventory
Threat Center
Alerts
Viewing alert details
FortiCNAPPÂ AI Assist
Filtering alerts
Security Insights FAQ
AWS Security Hub
Amazon GuardDuty
AWS built-in package
Cloud logs
Cloud activity logs
Cloud activity integrations
AWS CloudTrail
Azure Activity Log
GCP Audit Log
Log Types
Kubernetes Activity Logs
Kubernetes Audit Log Integrations
Amazon EKS Audit Log Integration
EKS Audit Log Integration Using Terraform
EKS Audit Log Integration Using CloudFormation
EKS Audit Log Manual Integration
Disable or Delete EKS Audit Log Integrations
Download CloudFormation Template Files Using the API
Manage an EKS Audit Log Integration Using Terraform
GKE Audit Logs
Kubernetes Audit Logs for GKE
GKE Audit Log Integration - Terraform
GKE Audit Log Integration - Manual
GKE Audit Log FAQ
Kubernetes Dashboard
Kubernetes Security FAQ
Workloads
Workload security dashboards
Hosts
Dashboard navigation and filters
Applications
Files
Machines
Networks
Processes
Users
Containers
Agentless workload scanning
Agentless workload scanning overview
Before you begin
Integrating your AWSÂ environment
CloudFormation
Agentless workload scanning for AWS - single account integration using CloudFormation
Agentless Workload Scanning for AWS - Organization Integration (CloudFormation)
Terraform
Prerequisites
Configuring IAM permissions for deployment
IAM permissions used during workload scanning
Integrating agentless workload scanning for AWS single account with Terraform
Integrating agentless workload scanning for AWS organization account with Terraform
Integrating your Google Cloud environment
Terraform
Prerequisites
Google Cloud IAM permissions required for deployment
IAM permissions used during workload scanning
Deploying agentless workload scanning for a project on Google Cloud
Deploying agentless workload scanning for an organization on Google Cloud
Integrating your Azure environment
Integration types
Preparing for integration
Deploying agentless workload scanning on Azure
Removing an agentless workload scanning integration
FortiCNAPP console
Viewing agentless workload scanning results
Managing your agentless workload scanning integration
Secrets detected by agentless workload scanning
Agentless scanning for Windows
Agentless workload scanning FAQs
Agent-based workload security
Linux agent-based workload security
Install the Linux Agent
Linux agent install checklist
Required connectivity, proxies, and certificates for agents
Downloading GPG and RSA keys to verify agent release package signature
Managing agent access tokens
Downloading the Linux agent installer
Configuring access to tags and metadata in AWS
Configuring access to labels in Google Cloud
Install on Hosts
Installing using the install.sh script
Installing with the FortiCNAPP CLI
Installing from package repositories
Installing with a DEB or RPM package
Installing with Chef
Installing with Ansible
Installing on AWS EC2 with Terraform and AWS Systems Manager
Installing with an AMI created with Packer
Installing on Alpine Linux
Install Linux Agent with AWS Elastic Beanstalk
Installing on a GCE host
Installing on CoreOS
Install on Containers
Deploying with Docker
Deploying on AWS Fargate for ECS
Installing on AWS ECS as a daemon service (EC2 launch type)
Deploying on Google Cloud Run
Install on Kubernetes
Installing Linux agent on Kubernetes
Deploying on AWS Fargate for EKS
Install Linux Agent on GKE Autopilot
How FortiCNAPP derives the K8s cluster name
View Kubernetes Clusters or Node Types in FortiCNAPP console
Change Agent Resource Installation Limits on Kubernetes Environments
Troubleshoot a Failed Linux Agent Installation
Configure the Linux Agent
Configure Linux Agent Using the FortiCNAPP console
Configure Linux Agent Using Agent Configuration File
Configure Linux Agent Using Environment Variables
Specifying the agent server URL
Adding agent tags
Run Agent as Non-Root User
Agent Administration
Viewing Linux agent status
Viewing agent versions
Viewing Linux agent logs
Viewing agent details on the FortiCNAPP console
Viewing host details on the FortiCNAPP console
Starting, stopping, or restarting the Linux agent
Upgrading the Linux agent
Uninstall the Linux Agent
Linux Agent FAQs
File Integrity Monitoring (FIM) FAQs
Windows agent-based workload security
Installing the Windows agent
Windows agent installation prerequisites
Downloading the Windows agent installer
Windows agent install options
Installing the Windows agent from the command line
Installing the Windows agent using a PowerShell script
Install Windows Agent on AWS with Packer
Installing the Windows agent on Azure VMs using a PowerShell script
Installing Windows Agent with Azure Resource Manager
Installing Windows agent on Azure VMs using Terraform
Windows agent installation options on K8s
Installing Windows agent on AKS or EKS clusters using a Helm Chart
Configuring Windows Agent on AKS or EKS Clusters using Helm Chart
Verify the Windows Agent Installation
View Windows Agent Details and Alerts
Configuring the Windows agent
Configure Windows Agent Using the Configuration File
Use a Network Proxy for Windows Agent Traffic
Configure Access to Tags in AWS
Configuring access to labels in Google Cloud
Add Custom Agent Tags
Add the Windows Agent as a Trusted Entity
File and registry integrity monitoring for Windows
File Integrity Monitoring for Windows Overview
Configure FIM Properties for Windows Agent
Monitor Changes to Windows Registry
Restarting, upgrading, or uninstalling the Windows agent
Restarting the Windows agent
Upgrading the Windows agent
Uninstalling the Windows agent
Troubleshooting the Windows agent
Troubleshooting a failed installation
Roll Back a Windows Agent Installation
Review the Windows Agent Log Files
Agents
Agent health monitoring
Agent coverage dashboard
Probes dashboard
Legacy Agent Dossier
Threat policy management
Creating a custom violation policy
Cloning policies
Editing custom policies
Suppressing behavior anomaly alerts
Suppressing crawler-related alerts
Risk Center
Unified risk management
Creating Explorer policies
Risk Insights
Risk categories
Viewing insights
Risk insights table fields
Viewing insight details
Affected resource context panel
Creating, tuning, and cloning insights
Creating remediation tickets
Risk Alerts
Risk Visibility
Attack Path Analysis
Top Work Items
Path Investigation
Supported Attack Paths
Attack Path Risk Calculation
Attack Path Secrets Detection
Attack Path Cloud Feature Comparison
Attack Path FAQ
Exposure Polygraph
Compliance
Cloud compliance
Cloud Compliance Dashboard
Kubernetes compliance
Kubernetes Compliance Dashboard
Kubernetes Compliance FAQs
Kubernetes Troubleshooting
Posture Policies
Create a Custom Compliance Policy
Modify Compliance and Violation Policies
Manage Custom Policies with Terraform
Manage Policy Exceptions with Terraform
Add Compliance Policy Exceptions in the FortiCNAPP console
Manage Compliance Policy Exceptions in the FortiCNAPP console
Add or Edit Compliance Policy Exceptions through the FortiCNAPP API
Identity Security
Identities
Integrate AWS Identity
Integrate Azure Identity
Integrate Google Cloud Identity/Workspace
CIEM policies
Overview
Top Identity Risks
Explore
Identity Details
Risk Remediation
Excessive Privilege Risk Remediation
Identity Risk Remediation Tickets
Identity Risk Exceptions
Entitlement Risks
Identity Datasources
Identity Policy Details
Use Cases
Identities FAQ
Vulnerabilities
Vulnerabilities dashboard
Vulnerabilities overview dashboard
Top items dashboard
Explore
Managing dashboard widgets
Working with queries
Host Vulnerabilities
Host Vulnerability Assessment Overview
Host Image Support
Host OS and language library support for vulnerability assessment
Host Vulnerability - Scanning of Language Libraries and Package Managers
Fix a Vulnerability on Linux Hosts
When Linux Host Assessments Identify a Vulnerability as Fixed
Multiple Fixed Parallel Package Versions
When Host Assessment Metrics Carry Forward
Host Vulnerability - FAQs
Container vulnerabilities
Container vulnerability assessment overview
Types of scanning
Container image support
Container Vulnerability - Scanning of Language Libraries and Package Managers
Base image scanning
Local scanning quickstart
FortiCNAPP API & CLI - Container Vulnerability
How to & Troubleshooting - Container Vulnerability
Container Vulnerability - FAQs
Unscanned Active Images - FAQs
Vulnerability Exceptions
Vulnerability Exceptions Overview
FortiCNAPP console - Vulnerability Exceptions
Create and Manage Vulnerability Exceptions
Vulnerability Policies
Container Vulnerability Policies
FortiCNAPP Risk Score
Active package detection
Integrate container registries
Integrate platform scanner
Platform scanner overview
Integrate Amazon elastic container registry
Integrate Docker Hub
Integrate a Docker V2 Registry
Integrate GitHub Container Registry
Integrate Google Artifact Registry
Integrate Google Container Registry
Integrate Proxy Scanner
Integrate Proxy Scanner with JFrog Registry
Integrate Proxy Scanner with JFrog Registry - Auto Polling
Integrate Proxy Scanner with JFrog Registry - Notification/On-demand
Integrate Proxy Scanner with Sonatype Nexus Registry
Integrate Inline Scanner
Integrate the FortiCNAPP Inline Scanner with CI Pipelines
Integrate with Kubernetes Admission Controller
Integrate FortiCNAPP with Security in Jira
Integrate with ServiceNow
Code Security
Overview
Code Security support matrix
Integration and feature matrix
Getting started
Requirements
Integrating with an SCM
GitHub
GitLab
Bitbucket
Managing source control management integrations
Integrated Code Security scanning triggers
Integrate with a CI/CD pipeline
Infrastructure-as-Code Security
General requirements
Integrate with Atlantis
Azure DevOps integration
GitHub actions
GitLab pipeline
GitLab self-hosted pipeline
Jenkins integration
SCA and SAST
General requirements
Tutorial with GitHub actions
Tutorial with GitLab pipeline
Leveraging the codesec.yaml file
Navigating the Infrastructure-as-Code security pages
Overview
Assessments
Repositories
Pipelines
Violations
Overview
Violations
Policies
FortiCNAPP IaC policies
Navigating the Application security pages
Overview
Vulnerabilities: Internal code
Vulnerabilities: 3rd party
Vulnerabilities: Hard-coded secrets
Repositories
Components
Features
Infrastructure-as-Code Security
Supported languages
Opal Engine
Opal overview
Getting started with Opal
Writing custom Opal policies
Testing custom Opal policies
Opal output
Opal examples
Software Composition Analysis (SCA)
Languages supported by SCA
SBOM management
License compliance
SmartFix
Application Context Filtering (ACF)
Active vulnerability detection correlation
Static application security testing (SAST)
Languages supported by SAST
Go
Java
JavaScript
PHP
Python
Typescript
Secrets detection
Detectable secrets
IDE extensions
VS Code
Cursor
Exception management
Configuring exceptions
Removing exceptions
Exceptions example
Pull request commenting
Legacy IaC Security overview
Getting started with IaC Security
CLI usage
IaC support matrix
Legacy FortiCNAPP IaC policies
Legacy CI/CD integrations
Legacy Atlantis integration
Legacy Azure DevOps (beta)
Legacy GitHub actions
GitLab
Legacy GitLab pipeline
Legacy GitLab self-hosted pipeline
Legacy Jenkins integration
IaC Compliance Scanning
Language support
Configuring IaC Security settings
Modifying IaC Security policies
Using repositories
Using findings
Viewing violations
Enforcing checks before merging
Pull Request build status
Configure the Code Security app
IaC Security FAQs
Frequently asked questions and troubleshooting
Migrating to FortiCNAPP IaC v2
Troubleshooting failed Git status checks
Code Security repository scanning process
DSPM
Integrating DSPM scanning with your AWS cloud accounts
Integrating DSPM scanning with your Azure cloud accounts
DSPM cloud account setup
Data policies
Risk center Insights and DSPM
Explorer and DSPM
Resource inventory and DSPM
Governance
Managing queries
Managing policies
Platform policies and alerts
Managing policy frameworks
Administrator guide
FortiCNAPP console overview
Views management
Polygraphs
FortiCNAPP polygraph
Viewing the polygraph of Cloud activities
Viewing the polygraph of host activities
Viewing the polygraph of containers activities
Viewing the polygraph of Kubernetes activities
FortiCNAPP Polygraph FAQ
Dashboard
Accessing the Dashboard
Configuring the Dashboard
Custom Dashboard views
Configure alert channels
Alert channels
Alert rules
Amazon EventBridge Alert Channel
Amazon Security Lake alert channel
AWS Security Hub alert channel
Azure DevOps alert channel
Cisco Webex Teams alert channel
Datadog alert channel
Elastic/ELK Stack alert channel
Email alert channel
FortiSIEM alert channel
FortiSOAR alert channel
Google Cloud Pub/Sub alert channel
Google Eventarc alert channel
IBM QRadar alert channel
Jira alert channel
Microsoft Teams alert channel
New Relic alert channel
Opsgenie alert channel
PagerDuty alert channel
ServiceNow alert channel
Slack alert channel
Splunk alert channel
Sumo Logic alert channel
VictorOps (Splunk On-Call) alert channel
Custom webhook alert channel
Reports
Authentication configuration
FortiCloud integrated authentication
IAM users
API access to FortiCNAPP through FortiCloud
SAML and external IdP
Legacy authentication configuration
Enable SAML
Google OAuth Configuration
Okta SAML SSO
Okta SAML JIT
Google Workspace SAML SSO
Google Workspace SAML JIT
Microsoft Entra ID SAML SSO
Microsoft Entra ID SAML JIT
OneLogin SAML SSO
OneLogin SAML JIT
SAML SSO with Red Hat Keycloak
SAML SSO with AWS
Access control and authorization
FortiCloud integrated access control
Access and permission profiles
Legacy access control overview
Managing access at the organization level
Managing access at the account level
Access control at the organization level
Access control at the account level
Settings
Integrations
Cloud accounts
Update AWS account name in the console
Container registries
Security in Jira
Configuration
Resource Groups
API keys
Agent Tokens
Report rules
Data Shares and Export
S3 data export and Snowflake data share
Data share and data export use cases
Request a Snowflake data share
Snowflake Data Share Views
ALERT_DETAILS_V view
ALERT_EVIDENCE_V view
ALERTS_V view
ALL_FILES_V view
APPLICATIONS_V view
CHANGE_FILES_V view
CLOUD_COMPLIANCE_V view
CLOUD_CONFIGURATION_V view
CLOUD_RESOURCES_V view
CMDLINE_V view
CONNECTIONS_V view
CONTAINER_SUMMARY_V view
CONTAINER_VULN_DETAILS_V view
DNS_QUERY_V view
HOST_VULN_DETAILS_V view
IMAGE_V view
INTERFACES_V view
INTERNAL_IPA_V view
MACHINE_DETAILS_V view
MACHINE_SUMMARY_V view
NEW_HASHES_V view
PACKAGE_V view
POD_SUMMARY_V view
PROCESS_SUMMARY_V view
USER_DETAILS_V view
USER_LOGIN_V view
S3 Data Exporter
Amazon S3 data export
Amazon S3 data export views and folder structure
Agent Management V view
General
Configure Risk Scores
My Settings
My Profile
Organizations
Organization overview
Subscription and Usage
Viewing subscription status
Assigning packages to accounts
Allocating packages to resource groups
Subscription Usage
Usage
License
Audit logs
Team members
Authentication overview
Integration
AWS integration
FortiCNAPP Foundational Technical Review Assessor
AWS integration using Terraform
AWS Integration - Automated
AWS Integration - Guided Configuration
AWS Integration - Terraform from AWS CloudShell
AWS Integration - Terraform from Any Supported Host
AWS integration using CloudFormation
AWS Control Tower integration using CloudFormation
Integration with S3 Buckets Using SSE-KMS
AWS console
AWS CloudTrail Integration Prerequisites
AWS Configuration Integration Prerequisites
AWS Integration - Manual Configuration
AWS GovCloud Integration
AWS CloudTrail Integration for Organizations
AWS CloudTrail Account Mapping for Organizations
Update the External ID of an Existing AWS Integration
Customizing your configuration integration
FortiCNAPP for AWS FAQ
Azure integration
Create an Azure App for Integration
Azure integration using Terraform
Azure Integration - Automated
Azure Integration - Guided Configuration
Azure Integration - Terraform from Azure Cloud Shell
Azure Integration - Terraform from Any Supported Host
Azure portal
Azure Activity Log Integration - Manual Configuration
Azure Configuration Integration - Manual Configuration
Gather Azure Client ID, Tenant ID, and Client Secret
FortiCNAPP for Azure FAQ
Google Cloud integration
Required Roles for Google Cloud Configuration and Audit Log Integrations
Create a Google Cloud Service Account and Grant Access
Google Cloud integration using Terraform
Google Cloud Integration - Automated
Google Cloud Integration - Guided Configuration
Pub/Sub-Based Google Cloud Integration - Terraform from Google Cloud Shell
Pub/Sub-Based Google Cloud Integration - Terraform from Any Supported Host
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration Using Terraform
Storage-Based Google Cloud Integration - Terraform from Google Cloud Shell
Storage-Based Google Cloud Integration - Terraform from Any Supported Host
Google cloud console
Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Migrate From Storage-Based to Pub/Sub-Based Google Cloud Audit Log Integration - Manual Configuration
Storage-Based Google Cloud Audit Log Integration - Manual Configuration
Google Cloud Configuration Integration - Manual Configuration
Enable the Required Google Cloud APIs
Delete a FortiCNAPP Integration from Google Cloud
FortiCNAPP for Google Cloud FAQ
OCI integration
Required Roles for OCI Integration
OCI integration using Terraform
Integrate OCI Manually
Set up a FortiCNAPP User in OCI
Add the OCI Integration
Provision Access to OCI Resources with Resource Groups
Rotate the OCI API Key
Kubernetes compliance integration
Supported environments and prerequisites
Kubernetes compliance integration using Helm
Kubernetes compliance integration using Terraform
Terraform for FortiCNAPP
Getting started with Terraform for FortiCNAPP
Single role Terraform deployment
Manage cloud integrations with Terraform
Maintain cloud integrations with Terraform
Manage alert channels with Terraform
Configuring alert profiles with Terraform
Manage alert rules with Terraform
Managing resource groups with Terraform
Appendix A - Inbound and outbound connections
Appendix B - AI transparency: FortiCNAPP AI Assist
Appendix C - Customer opt-in for generative AI features
DOCUMENT LIBRARY
26.2.0
DOCUMENT LIBRARY
26.2.0