Data sources tuning

FortiAnalyzer 7.0.0 adds more granular control over the data sources used by the Asset Center and Identity Center: subnets can now be excluded from the selected data sources to reduce noise.

To configure data sources:
  1. Go to Fabric View > Identity Center > All or Fabric View > Asset Center > All.
  2. Click the tools icon in the top-right corner of the pane, and select Data Sources.

    The Data Source Selection dialog appears.

  3. Click Create New to configure a new data source. Six data source types are available:
    • FortiGate Log:
      By default, the log identification of endpoints and end users is enabled for all devices and subnets. You can create rules to specify which devices and which subnets are excluded from the data source. Set the status to OFF to disable UEBA identification on the specified devices or all devices.
    • FortiClient Log:
      By default, the log identification of endpoints and end users is enabled for all devices. You can create rules to specify which devices are excluded from the data source. Set the status to OFF to disable UEBA identification on the specified devices or all devices.
    • FortiMail Log:
      By default, the log identification of endpoints and end users is disabled for all devices. You can create rules to specify which devices and domains can be included in the data source.
    • FortiWeb Log:
      By default, the log identification of endpoints and end users is enabled for all devices. You can create rules to specify which devices and which subnets are excluded from the data source. Set the status to OFF to disable UEBA identification on the specified devices or all devices.
    • FortiNAC Log:
      By default, the log identification of endpoints and end users is enabled for all devices. You can create rules to specify which devices and which subnets are excluded from the data source. Set the status to OFF to disable UEBA identification on the specified devices or all devices.
    • EMS Connector:
      By default, the log identification of endpoints and end users is disabled for all EMS connectors. You can create rules to specify which connectors can be included in the data source.

Rules on individual devices have higher priority than the rules configured for "All Devices". You can configure the same data source type more than once, as long as each entry is for a different device or connector. When a conflict arises, you will see a message indicating that the data source for that device already exists, and you will have the option to override the existing data source.
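
The precedence and defaults described above can be checked offline before exclusions are applied. The following is an added example, not FortiAnalyzer code or configuration syntax: it models the rules as Python dictionaries and reports which exclusions would hide subnets that should stay visible. The field names, device names and subnets are constructed, and it assumes that a device rule replaces the "All Devices" rule and that subnet exclusions match the endpoint IP address.

```python
import ipaddress

# Defaults as stated on the page; every rule field, device name and subnet
# below is constructed for illustration and is not FortiAnalyzer syntax.
DEFAULT_ENABLED = {"FortiGate Log": True, "FortiClient Log": True,
                   "FortiWeb Log": True, "FortiNAC Log": True,
                   "FortiMail Log": False, "EMS Connector": False}
ALL = "All Devices"

RULES = [
    {"type": "FortiGate Log", "device": ALL, "status": True,
     "exclude_subnets": ["10.20.0.0/16"]},
    {"type": "FortiGate Log", "device": "FGT-BRANCH-01", "status": True,
     "exclude_subnets": ["192.168.50.0/24"]},
    {"type": "FortiGate Log", "device": "FGT-LAB-01", "status": False},
    {"type": "FortiMail Log", "device": "FML-01", "status": True},
]

def effective_rule(rules, source_type, device):
    """A rule for the individual device outranks the "All Devices" rule."""
    for wanted in (device, ALL):
        for rule in rules:
            if rule["type"] == source_type and rule["device"] == wanted:
                return rule
    return None

def is_identified(rules, source_type, device, endpoint_ip):
    """True if a log from `device` about `endpoint_ip` feeds identification."""
    rule = effective_rule(rules, source_type, device)
    if rule is None:                      # no rule: the type's default applies
        return DEFAULT_ENABLED[source_type]
    if not rule["status"]:                # status OFF disables identification
        return False
    ip = ipaddress.ip_address(endpoint_ip)
    # Assumption: the device rule replaces (does not merge with) "All Devices".
    return not any(ip in ipaddress.ip_network(net)
                   for net in rule.get("exclude_subnets", []))

def blind_spots(rules, watched_subnets):
    """Exclusions that overlap subnets which must stay visible to UEBA."""
    return [(rule["device"], net, watched)
            for rule in rules
            for net in rule.get("exclude_subnets", [])
            for watched in watched_subnets
            if ipaddress.ip_network(net).overlaps(ipaddress.ip_network(watched))]

if __name__ == "__main__":
    print(is_identified(RULES, "FortiGate Log", "FGT-HQ-01", "10.20.5.9"))
    print(blind_spots(RULES, ["10.20.30.0/24"]))
```

A non-empty result from blind_spots means a noise-reduction exclusion also removes endpoints in a watched subnet from identification, so the exclusion should be narrowed before it is saved.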
