FortiNDR logging and reporting enhancements 7.2.1
The following enhancements are introduced for FortiNDR devices:
- In Log View, support is added for log type: ndr
- In FortiSoC, support is added for FortiNDR as a log device type
- In Reports, the FortiNDR Network Anomalies Report and additional datasets are added
See below for more details.
A new log type is added for the FortiNDR device. These logs can be found in Log View > FortiNDR > NDR.
This log type is supported in event handlers. In FortiSoC > Handlers > Event Handler List, you can create event handlers with Log Device Type = FortiNDR and Log Type = NDR Log (ndr).
In FortiSoC > Event Monitor > All Events, the events generated by such a handler are displayed with Event Type = ndr.
In Reports > Report Definitions > Datasets, new datasets are added for the FortiNDR device. These new datasets display in the table view with Device Type = FortiNDR and Log Type = Vulnerability Scan.
In Reports > Report Definitions > Macro Library, new macros are added for the FortiNDR device. These new macros display in the table view with Device Type = FortiNDR and Category = Vulnerability Scan.
In Reports > Report Definitions > Templates, a new default report template is added: Template - FortiNDR Network Anomalies Report.
This template can be used to create a report. You can also use the default report in Reports > Report Definitions > All Reports.
Below is a sample of the FortiNDR Network Anomalies Report in PDF format.