Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home SOCaaS User Guide

    Dashboard

    Dashboard

    The Dashboard provides an overview of monitored assets, log collection, threat detection, and alert escalation.

    To view alerts over time, click the Alerts: Last 7 Days dropdown at the top left of the page and select a time range between the last 7 to 90 days. Click the Refresh button at the top right of the page to refresh the data.

    The following information is available on the dashboard:

    Chart name

    Description
    SOC Monitoring Summary

    The SOC Monitoring Summary contains information about the following:

    • The number of monitored devices, endpoints, and users. Endpoint and user information is obtained through security logs collected by FortiAnalyzer.
      • Monitored Devices: The number of devices onboarding for SOCaaS monitoring.
      • Monitored Endpoints: The number of endpoints detected from FortiGate logs.
      • Monitored Users: The number of users detected from FortiGate logs.
    • The number of logs collected and processed, security events detected, alerts generated and triaged, and incidents confirmed and escalated by the Fortinet SOC team.
      • Processed Logs: Number of logs collected and processed from customer's FortiGate(s).
      • Security Event: Security events filtered and triaged by FortiAnalyzer event handlers, based on the detections in FortiGate logs.
      • Triaged Alerts: Alerts in which a preliminary assessment was completed by the SOC team to determine if the Alerts should be escalated to the customer. These can be false positive or other events that do not require escalation.
      • Escalated Alerts: Alerts that are found to be high or critical risk or severity (malicious or high suspicious) and are escalated to the customer for review and action in the Alerts view.
    Alerts by Severity, Status and SLA These donut charts display information about alerts based on their severity, status, and SLA. Click See details to view more information about the categories present in the charts. These charts are updated in near real-time.
    Open Alerts by Category Displays information about open alerts based on their category. These charts are updated in near real-time.
    Average Log Rate Shows the average log rate received from FortiAnalyzer. This chart is updated daily.
    Log Collection Breakdown Shows the log collection breakdown based on FortiGate event type: System Events, Traffic, and UTM. This chart is updated daily.

    Threat Detection Trend

    Shows the threat detection trend for Security Events, Triaged Alerts, and Escalated Alerts over a period of time. This chart is updated daily.

    Location Map

    The location map is displayed when the location has been specified for at least one managed Fabric device. See My Assets for more information.

    List of Open Alerts

    Displays a list of open alerts which may require your attention. See Viewing a list of open alerts on the dashboard.

    Viewing a list of open alerts on the dashboard

    The List of Open Alerts displays your alerts by the Last Modified date. Click an alert in the list to view the alert details. You can filter the list by clicking the filter icon () in the column heading. To view more pages, click the arrow keys( |< < > >|) at the bottom of the page. In the Affected Endpoint column, + more indicates that there are additional affected endpoints. Refer to the Correlation section in the alert details page for more information on affected endpoints.

    Previous
    Next

    Dashboard

    Dashboard

    The Dashboard provides an overview of monitored assets, log collection, threat detection, and alert escalation.

    To view alerts over time, click the Alerts: Last 7 Days dropdown at the top left of the page and select a time range between the last 7 to 90 days. Click the Refresh button at the top right of the page to refresh the data.

    The following information is available on the dashboard:

    Chart name

    Description
    SOC Monitoring Summary

    The SOC Monitoring Summary contains information about the following:

    • The number of monitored devices, endpoints, and users. Endpoint and user information is obtained through security logs collected by FortiAnalyzer.
      • Monitored Devices: The number of devices onboarding for SOCaaS monitoring.
      • Monitored Endpoints: The number of endpoints detected from FortiGate logs.
      • Monitored Users: The number of users detected from FortiGate logs.
    • The number of logs collected and processed, security events detected, alerts generated and triaged, and incidents confirmed and escalated by the Fortinet SOC team.
      • Processed Logs: Number of logs collected and processed from customer's FortiGate(s).
      • Security Event: Security events filtered and triaged by FortiAnalyzer event handlers, based on the detections in FortiGate logs.
      • Triaged Alerts: Alerts in which a preliminary assessment was completed by the SOC team to determine if the Alerts should be escalated to the customer. These can be false positive or other events that do not require escalation.
      • Escalated Alerts: Alerts that are found to be high or critical risk or severity (malicious or high suspicious) and are escalated to the customer for review and action in the Alerts view.
    Alerts by Severity, Status and SLA These donut charts display information about alerts based on their severity, status, and SLA. Click See details to view more information about the categories present in the charts. These charts are updated in near real-time.
    Open Alerts by Category Displays information about open alerts based on their category. These charts are updated in near real-time.
    Average Log Rate Shows the average log rate received from FortiAnalyzer. This chart is updated daily.
    Log Collection Breakdown Shows the log collection breakdown based on FortiGate event type: System Events, Traffic, and UTM. This chart is updated daily.

    Threat Detection Trend

    Shows the threat detection trend for Security Events, Triaged Alerts, and Escalated Alerts over a period of time. This chart is updated daily.

    Location Map

    The location map is displayed when the location has been specified for at least one managed Fabric device. See My Assets for more information.

    List of Open Alerts

    Displays a list of open alerts which may require your attention. See Viewing a list of open alerts on the dashboard.

    Viewing a list of open alerts on the dashboard

    The List of Open Alerts displays your alerts by the Last Modified date. Click an alert in the list to view the alert details. You can filter the list by clicking the filter icon () in the column heading. To view more pages, click the arrow keys( |< < > >|) at the bottom of the page. In the Affected Endpoint column, + more indicates that there are additional affected endpoints. Refer to the Correlation section in the alert details page for more information on affected endpoints.

    Previous
    Next