
View forensic analysis request details

Click on a forensic analysis request in Forensic Analysis or within the Forensic Analysis tab in an alert to view additional details.

When viewing a forensic analysis request, you can submit comments to the SOCaaS team using the Comments window. To send comments directly to the Forensic Analysis team, you must visit the Forensic Services portal. You can visit the Forensic Services portal by clicking the link in the Forensic Service Portal field.

The following information is displayed:

Request ID

The SOCaaS forensic analysis request ID.

Created On

The date the request was submitted.

Last Modified

The last date the request was modified.

Description

The description of the submitted forensic analysis request.

Endpoint

The affected endpoint associated with the request.

Status

The status of the request.

Detection Time

The date that the alert associated with this forensic analysis request was initially created.

Requested By

The user that submitted the request.

Alert ID

The ID of the alert associated with this forensic analysis request.

Forensic Service Request

The ID of the forensic analysis request from the Forensic Service portal. You can click the link to view the request directly from the Forensic Service portal or communicate with the forensic service team.

Note

The Forensics team is a different service from SOCaaS. SOCaaS provides the link to help connect the customer to the Forensic Analysis portal, and the request is passed to the Forensics team.

Correlations

Displays correlations for the forensic analysis request, including attachments submitted with the alert.

You can add additional attachments by clicking the Add button.
