Fortinet black logo

Administration Guide

Assets

Assets

The Fabric View > Assets pane is the central location for security analysts to view endpoint and user information to make sure they are compliant. Endpoints are important assets in a network as they are the main entry points in a cybersecurity breach.

The Assets pane is useful for the following:

  • Incident response: check assets that are infected or vulnerable as part of your SOC analysis and incident response process.
  • Compliance: identify unknown and non-compliant users and endpoints.

To view relevant asset logs directly from the FortiView, Log View, and Incidents & Events panes, click the user or endpoint log, then click the Topography link in the pop-up that appears.

The Assets pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.

Column

Description

Endpoint

Endpoint host name or IP address.

Tags

Tags group and identify assets to assist SOC analysts and FortiSoC playbooks with incident management and prioritization.

Tags are automatically populated with information from FortiClient EMS. Tags from FortiClient EMS are displayed in green with a corresponding icon.

User

The name of the user. Click the name to view the corresponding user information in the Identity Center pane.

MAC Address

Endpoint MAC address.

IP Address

IP address the endpoint is connected to. A user might be connected to multiple endpoints.

FortiClient UUID

Unique ID of the FortiClient.

Hardware / OS

OS name and version.

Vulnerabilities

The number of vulnerabilities for critical, high, medium, and low vulnerabilities. Click the vulnerability to view the name and category.

Right-click the vulnerability to view available on-demand actions using a security fabric connector. See Creating or editing Security Fabric connectors.

Network Location

The location of the FortiAnalyzer device.

Last Update

The date and time the log was updated.

Use the toolbar to select a Security Fabric, time period, and columns.

If there is no FortiClient in your installation, then endpoint and end user information is limited.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.

Assets

The Fabric View > Assets pane is the central location for security analysts to view endpoint and user information to make sure they are compliant. Endpoints are important assets in a network as they are the main entry points in a cybersecurity breach.

The Assets pane is useful for the following:

  • Incident response: check assets that are infected or vulnerable as part of your SOC analysis and incident response process.
  • Compliance: identify unknown and non-compliant users and endpoints.

To view relevant asset logs directly from the FortiView, Log View, and Incidents & Events panes, click the user or endpoint log, then click the Topography link in the pop-up that appears.

The Assets pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules. Sort by the Vulnerabilities column to see which endpoints and users have the highest vulnerabilities.

Column

Description

Endpoint

Endpoint host name or IP address.

Tags

Tags group and identify assets to assist SOC analysts and FortiSoC playbooks with incident management and prioritization.

Tags are automatically populated with information from FortiClient EMS. Tags from FortiClient EMS are displayed in green with a corresponding icon.

User

The name of the user. Click the name to view the corresponding user information in the Identity Center pane.

MAC Address

Endpoint MAC address.

IP Address

IP address the endpoint is connected to. A user might be connected to multiple endpoints.

FortiClient UUID

Unique ID of the FortiClient.

Hardware / OS

OS name and version.

Vulnerabilities

The number of vulnerabilities for critical, high, medium, and low vulnerabilities. Click the vulnerability to view the name and category.

Right-click the vulnerability to view available on-demand actions using a security fabric connector. See Creating or editing Security Fabric connectors.

Network Location

The location of the FortiAnalyzer device.

Last Update

The date and time the log was updated.

Use the toolbar to select a Security Fabric, time period, and columns.

If there is no FortiClient in your installation, then endpoint and end user information is limited.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.