Assets
The Fabric View > Assets pane is the central location for security analysts to view endpoint and user information to make sure they are compliant. Endpoints are important assets in a network as they are the main entry points in a cybersecurity breach.
The Assets pane is useful for the following:
- Incident response. Check assets that are infected or vulnerable as part of your SOC analysis and incident response process.
- Compliance. Identify unknown and non-compliant users and endpoints.
To view relevant asset logs directly from the SOC, Log View, and Incidents & Events panes, click the user or endpoint log, then click the Topography link in the pop-up that appears.
The Assets pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.
|
Column |
Description |
|---|---|
|
Endpoint |
Endpoint host name or IP address. |
|
User |
The name of the user. Click the name to view the corresponding user information in the Identity Center pane. |
|
MAC Address |
Endpoint MAC address. |
|
IP Address |
IP address the endpoint is connected to. A user might be connected to multiple endpoints. |
|
FortiClient UUID |
Unique ID of the FortiClient. |
|
Hardware / OS |
OS name and version. |
|
Vulnerabilities |
The number of vulnerabilities for critical, high, medium, and low vulnerabilities. Click the vulnerability to view the name and category. |
|
Network Location |
The location of the FortiAnalyzer device. |
|
Last Update |
The date and time the log was updated. |
Use the toolbar to select a Security Fabric, time period, and columns.
|
If there is no FortiClient in your installation, then endpoint and end user information is limited.
|
