
FortiNDR logging and reporting enhancements 7.2.1


The following enhancements are introduced for FortiNDR devices:

  • In Log View, support is added for log type: ndr

  • In FortiSoC, support is added for FortiNDR as a log device type

  • In Reports, the FortiNDR Network Anomalies Report and additional datasets are added

See below for more details.

A new log type is added for the FortiNDR device. These logs can be found in Log View > FortiNDR > NDR.

This log type is supported in event handlers. In FortiSoC > Handlers > Event Handler List, you can create event handlers with Log Type = NDR Log (ndr) when Log Device Type = FortiNDR.

In FortiSoC > Event Monitor > All Events, the events generated by this handler will display with Event Type = ndr.

In Reports > Report Definitions > Datasets, new datasets are added for the FortiNDR device. These new datasets display in the table view with Device Type = FortiNDR and Log Type = Vulnerability Scan.

In Reports > Report Definitions > Macro Library, new macros are added for the FortiNDR device. These new macros display in the table view with Device Type = FortiNDR and Category = Vulnerability Scan.

In Reports > Report Definitions > Templates, a new default report template is added: Template - FortiNDR Network Anomalies Report.

This template can be used to create a report. You can also use the default report in Reports > Report Definitions > All Reports.

Below is a sample of the FortiNDR Network Anomalies Report in PDF format.
