Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAnalyzer 7.0.0 Administration Guide
    7.0.0
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    Identity Center

    Identity Center

    The Fabric View > Identity Center > All pane displays a list of users and endpoints in the network from relevant logs, and correlates them with FortiAnalyzer modules.

    The Identity Center is useful for user and endpoint mapping. Some users might use multiple endpoints in the network, endpoints might use multiple different interfaces to connect, network interfaces might have multiple IP addresses, and so on. A map of users and their endpoints gives you better visibility when you analyze logs, events, and incidents. This also helps with your reporting.

    This Identity Center pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules.

    Column

    Description

    User Name

    The name of the user.

    User Group

    The group of user identities. An identity can be a:

    • Local user account (username/password stored on the FortiGate unit)
    • Remote user account (password stored on a RADIUS, LDAP, or TACACS+ server)
    • PKI user account with digital client authentication certificate stored on the FortiGate unit
    • RADIUS, LDAP, or TACACS+ server, optionally specifying particular user groups on that server
    • User group defined on an FSSO server.

    Endpoints

    Endpoint host name, IP address, or MAC address. A user may be connected to multiple endpoints.

    Click the endpoint to display the corresponding user information in the Assets pane.

    VPN IP

    The VPN IP.

    Identification Time

    The time of identification.

    Last Seen

    The last seen time.

    Last Update

    The date and time the log was updated.

    Use the toolbar to select a Security Fabric, time period, and columns.

    Caution

    End user information is limited if there is no FortiClient in your installation.

    • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
    • User related information might not be available.
    • Detailed information such as OS version, avatar, and social ID information are not available.

    To provide a unified experience, you can customize how identity information is displayed, including which fields are displayed, the order, and the priority.

    To filter the entries using filters in the toolbar:

    • Specify filters in the Add Filter box.

      • Regular Search: In the selected summary view, click Add Filter and select a filter from the dropdown list, then type a value. Click NOT to negate the filter value. You can add multiple filters and connect them with “and” or “or”.

      • Advanced Search: Click the Switch to Advanced Search icon at the end of the Add Filter box. In Advanced Search mode, enter the search criteria (log field names and values). Click the Switch to Regular Search icon to go back to regular search.

    To create a custom view:
    1. In the toolbar, click the column settings icon, and select the columns you want to display.
    2. Click Custom View. The Save as New Custom View dialog is displayed.
    3. In the Name field, enter a name for the custom view, and click OK. The view is saved under Custom View in the tree menu.
    To change the visibility of a custom view:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. In the tree menu, select the menu icon next to your custom view or right click the view, and select Share with Others.
    3. Set the Privacy field to On: Public or Off: Private, and click OK.
    To configure the display settings in the Social column:
    1. Go to Log View >Tools > User Display Preferences.
    2. Select the order preference tab you want to configure.
      Tabs include Name, Picture, Email, Phone Number, and Social.
    3. Rearrange the order preference as per your needs by drag-and-dropping an entry. For names, pictures, emails, and phone numbers, only the top entry will appear in the identity pop-up window.
    4. User information can be disabled by moving the Show toggle to the Off position in the respective tabs.
    Previous
    Next

    Identity Center

    Identity Center

    The Fabric View > Identity Center > All pane displays a list of users and endpoints in the network from relevant logs, and correlates them with FortiAnalyzer modules.

    The Identity Center is useful for user and endpoint mapping. Some users might use multiple endpoints in the network, endpoints might use multiple different interfaces to connect, network interfaces might have multiple IP addresses, and so on. A map of users and their endpoints gives you better visibility when you analyze logs, events, and incidents. This also helps with your reporting.

    This Identity Center pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules.

    Column

    Description

    User Name

    The name of the user.

    User Group

    The group of user identities. An identity can be a:

    • Local user account (username/password stored on the FortiGate unit)
    • Remote user account (password stored on a RADIUS, LDAP, or TACACS+ server)
    • PKI user account with digital client authentication certificate stored on the FortiGate unit
    • RADIUS, LDAP, or TACACS+ server, optionally specifying particular user groups on that server
    • User group defined on an FSSO server.

    Endpoints

    Endpoint host name, IP address, or MAC address. A user may be connected to multiple endpoints.

    Click the endpoint to display the corresponding user information in the Assets pane.

    VPN IP

    The VPN IP.

    Identification Time

    The time of identification.

    Last Seen

    The last seen time.

    Last Update

    The date and time the log was updated.

    Use the toolbar to select a Security Fabric, time period, and columns.

    Caution

    End user information is limited if there is no FortiClient in your installation.

    • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
    • User related information might not be available.
    • Detailed information such as OS version, avatar, and social ID information are not available.

    To provide a unified experience, you can customize how identity information is displayed, including which fields are displayed, the order, and the priority.

    To filter the entries using filters in the toolbar:

    • Specify filters in the Add Filter box.

      • Regular Search: In the selected summary view, click Add Filter and select a filter from the dropdown list, then type a value. Click NOT to negate the filter value. You can add multiple filters and connect them with “and” or “or”.

      • Advanced Search: Click the Switch to Advanced Search icon at the end of the Add Filter box. In Advanced Search mode, enter the search criteria (log field names and values). Click the Switch to Regular Search icon to go back to regular search.

    To create a custom view:
    1. In the toolbar, click the column settings icon, and select the columns you want to display.
    2. Click Custom View. The Save as New Custom View dialog is displayed.
    3. In the Name field, enter a name for the custom view, and click OK. The view is saved under Custom View in the tree menu.
    To change the visibility of a custom view:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. In the tree menu, select the menu icon next to your custom view or right click the view, and select Share with Others.
    3. Set the Privacy field to On: Public or Off: Private, and click OK.
    To configure the display settings in the Social column:
    1. Go to Log View >Tools > User Display Preferences.
    2. Select the order preference tab you want to configure.
      Tabs include Name, Picture, Email, Phone Number, and Social.
    3. Rearrange the order preference as per your needs by drag-and-dropping an entry. For names, pictures, emails, and phone numbers, only the top entry will appear in the identity pop-up window.
    4. User information can be disabled by moving the Show toggle to the Off position in the respective tabs.
    Previous
    Next