Fortinet black logo

Administration Guide

All Events

All Events

To view all the events, go to FortiSoC/Incidents & Events > Event Monitor > All Events.

Double-click an event line to drill down for more details.

Hover your mouse over an entry to view the asset and identity information for that event.

Devices

To view events for specific devices, click the devices dropdown and select a device.

Time Period

To change the time period to display, click the time icon and specify a time period. Select Custom to specify a time period not in the dropdown list.

Collapse All/Expand All

To view event summaries or details, click Collapse All or Expand All.

Show Acknowledged

To include acknowledged events, click Show Acknowledged. See Acknowledging events.

Refresh

To manually refresh the events data, click Refresh.

You can specify a refresh interval of Every 10 Seconds, Every 30 Seconds, Every 1 Minute, or Every 5 Minutes.

Custom View

Save the current view including filter settings, device selection, and time period.

Column Settings

Select which columns are displayed in the All Events pane. Columns not displayed by default include

Acknowledged, Acknowledged By, Acknowledged Time, Assigned To, Comment, Commented By, Commented Time, Device ID, Device Type, Event ID, Group By, Group By 2, Group By 3, Indicators, Last Occurence, and VDOM Name.

Export to CSV

Download the events to a CSV file.

All Events

To view all the events, go to FortiSoC/Incidents & Events > Event Monitor > All Events.

Double-click an event line to drill down for more details.

Hover your mouse over an entry to view the asset and identity information for that event.

Devices

To view events for specific devices, click the devices dropdown and select a device.

Time Period

To change the time period to display, click the time icon and specify a time period. Select Custom to specify a time period not in the dropdown list.

Collapse All/Expand All

To view event summaries or details, click Collapse All or Expand All.

Show Acknowledged

To include acknowledged events, click Show Acknowledged. See Acknowledging events.

Refresh

To manually refresh the events data, click Refresh.

You can specify a refresh interval of Every 10 Seconds, Every 30 Seconds, Every 1 Minute, or Every 5 Minutes.

Custom View

Save the current view including filter settings, device selection, and time period.

Column Settings

Select which columns are displayed in the All Events pane. Columns not displayed by default include

Acknowledged, Acknowledged By, Acknowledged Time, Assigned To, Comment, Commented By, Commented Time, Device ID, Device Type, Event ID, Group By, Group By 2, Group By 3, Indicators, Last Occurence, and VDOM Name.

Export to CSV

Download the events to a CSV file.