Report - SOC Daily Operations


The new Security Events and Incidents Summary report provides a brief summary of the events and incidents collected by the FortiAnalyzer. This report can be used to determine events and incidents by severity, date, and counts, and to view their trends over time.

Report sections

The report contains five main sections: Quick Insights, Overall Severity, Total Events Count by Severity and Category, Raised Incidents, and List of Incidents. It also has an appendix that lists the devices that provided the data.

Quick Insights

A table of the events and incidents for today and yesterday, and this period and last period (for example, this week and last week), as well as their trends.

Overall Severity
  • Total Events by Severity

    A table and doughnut chart showing the total events for four severity levels - Low, Medium, High, and Critical - in descending order. The total number of events is also shown in the doughnut hole.

  • Total Events by Severity Over This Period

    A stacked bar chart of the number of events - colored by severity level - over the specific time period.

Total Events Count by Severity and Category

A table of the event name, number of occurrences, and percent of subtotal for each severity level. The total number and percent of events for each severity level, as well as the total number of events, are also included.

Raised Incidents

Includes two sections:

  • Total Incidents by Severity: a table and doughnut chart showing the total events for three severity levels - Low, Medium, and High - in descending order. The total number of events is also shown in the doughnut hole.
  • Total Events vs Incidents Over This Period: a graph of the number of events, incidents, and critical/high events over the specific time period.

List of Incidents

A table of the incidents, including: the incident number, timestamp, category, severity, status, and the affected endpoints.

Create a report

To create a report using the Security Events and Incidents Summary template:
  1. Configure an event handler:
    1. Go to Incidents & Events > Event Monitor > Event Handler List.
    2. Enable an existing event handler, or create a new one (see Event handlers).

  2. Raise an incident:
    1. Go to Incidents & Events > Event Monitor > All Events.
    2. Right-click an event in the content pane, and click Raise Incident.

  3. Create the report:
    1. Go to Reports > Report Definitions > All Reports, and click Create New in the toolbar. The Create Report dialog box opens.
    2. Enter a name for the report.
    3. Select From Template, then select Template - Security Events and Incidents Summary from the drop-down list.
    4. Select the folder where the report will be saved.

  4. Click OK. The new report is created, and the report settings page opens.

    You can also create a report based on a template directly from the report template list by right-clicking the template and selecting Create Report.

  5. Edit the report settings as needed, then click Apply.

    See Report Settings tab for information about the available options.

  6. Run the report:
    1. Go to Reports > Report Definitions > All Reports.
    2. Either right-click the report and select Run Report, or select the report and then click Run Report in the toolbar.
  7. To view the generated report, go to Reports > Generated Reports, find the report, then select the report format. The report can also be viewed by going to Reports > Report Definitions > All Reports, editing the report, going to the View Report tab, and then selecting the report format to view.
