Reports
Overview
Reports let you communicate compliance and security information from FortiCNAPP to your teams in an automated way. With reports, users can receive compliance and posture security report assessments delivered as PDF files to their inboxes.
Because email services commonly impose attachment size limits, large reports are not attached to the email. Instead, the email contains a link from which recipients can download the report file directly.
By default, FortiCNAPP does not generate reports. To have it start generating and delivering reports, you need to create a report configuration. A report configuration is based on Compliance frameworks. Frameworks determine which policy assessments appear in a report, and are often organized by security benchmarks or areas of common concern. Using report configurations, you can create and customize report contents and properties.
Reports versus alerts
Alerts and reports contain the same information about issues detected by FortiCNAPP. Alerts are typically meant to be consumed soon after they occur, and may require immediate action. Alerts can be delivered through all channel types.
Reports are typically meant to be generated and delivered at regular intervals, such as once per day. They include a predefined information set, such as SOC 2 or NIST assessment results. Reports are delivered through email channels only.
Alerts facilitate a reactive workflow among security teams and service owners, allowing them to act in response to an event. Reports, on the other hand, facilitate a proactive workflow, allowing teams to discover and address compliance risk before those risks result in an event.
View report configurations
As a user with permissions to read reports, you can view report configurations and generated reports by clicking Reports in the left navigation. See Legacy access control overview.
Report configurations appear in the list. For each report configuration, the list presents a few details, including the resource group and delivery frequency, and information on when the configuration was last modified.
You can use the following methods to refine the list of report configurations displayed:
- Use filters to display a subset of specific reports. Click the filter groups along the top of the page to display the list of filters associated with the selected filter group, then select the filters that you want to apply.
- Use the search function at the top of the page to find a subset of specific reports.
- Use the time filter to display a subset of specific reports based on their report time, that is, when they were generated. When you select a certain time frame, the Last run date changes to reflect the last run of this report configuration within the selected time frame. So, for example, if you select the previous week for the time frame, the Last run date shows the last day on which the report was generated.
The ability to view reports is subject to Lacework FortiCNAPP access controls, in particular, access permissions for the resource groups in the report configuration. You can only view reports that cover resources to which you have permissions. See Legacy access control overview.
View reports
To see an individual report, click on a report configuration. By default, the latest report appears. You can view previous instances of the report by choosing an earlier date. When you choose an earlier date, the latest version of the report up to that date and time appears.
You can view previous instances of the report by clicking Report history. FortiCNAPP retains generated reports for 90 days. If your report retention requirements exceed 90 days, you should download and archive the reports.
Report history is only available for reports that reflect a single account. For cross-account reports, the report history is disabled.
You can also preview and download reports directly from the details view of a framework in the Cloud Compliance Dashboard. To view a report by framework there, click the framework and then click Preview Report. See Cloud Compliance Dashboard.
It may take a minute or two for the report preview to appear. The report preview displays a subset of the policy assessments that make up the entire report, from only two accounts by default. You can download the report in PDF or CSV format to see the entire report.
About report configurations
By default, FortiCNAPP does not generate or deliver reports. To enable reports, you need to create a report configuration.
A report configuration specifies a set of policies, a user group, and an email notification channel on which to distribute the report. Before following these steps, make sure that the email notification channels, resource groups, and user groups are already configured.
You should also choose the framework on which to base the reports. You can view available frameworks from the Cloud Compliance dashboard, where you can also modify or create assessments or preview reports.
A report can include policy assessment results from multiple AWS accounts, GCP projects, Azure tenants, or OCI compartments. However, reports are limited to 300 accounts, projects, tenants, or compartments. Attempting to exceed this limit results in a report generation error. Individual policy assessments within a report appear in alphabetical order by account.
Creating report configurations
You create report configurations from frameworks.
To create a custom report configuration:
- As a user with reports write permission, go to Reports.
- Click Configure report.
- Select the framework on which you want to base the report. Any framework that appears in the Cloud Compliance Dashboard is available for use as a report template.
- Enter a name for the custom report configuration.
- Specify what resource assessment results will appear in reports using the content filter settings, as follows:
  - Data scope: Use the dialog to choose what resource assessment results appear in the report by resource group or cloud account. The resource groups available for selection are restricted by the type of template you chose. That is, if you choose an AWS-based template, resource groups for other cloud providers are not available. You can choose a user group to narrow the resource group selection to those groups that the selected user group has permissions for.
  - Severity: Choose the severity level of the policies to be included in the report. If you remove Medium severity, for example, the evaluation results of policies with medium severity are excluded from the generated reports.
  - Status: Refers to the evaluation result of each policy. By default, all statuses are included in the report. To exclude results with a given status, remove that status from the field. For more information, see Status definitions.
- Configure the delivery settings for the reports generated from this configuration:
  - Email channel: Choose one or more email channels on which to distribute the report. Email channels can be any email address or distribution list, and are not limited to those associated with a FortiCNAPP user account. Be sure to consider the sensitivity of the content generated by the report when choosing recipients.
  - Delivery frequency: Select the frequency with which reports are delivered. Note that the time of report assessment is controlled by the compliance report schedule time, which is daily at 12 PM GMT, by default. See General.
- Click Create.
The report now appears in the reports list. It will be evaluated and distributed at the next report evaluation cycle. You can modify the default evaluation time in the Settings > Configuration > General page. See General.
You can preview a report by clicking on the report configuration. It may take a minute or two for the report to appear. The report preview displays a subset of the policy assessments that make up the entire report, from only two accounts by default. You can download the report in PDF format to see the entire report.
You can modify the report configuration settings at any point, or disable the report. Disabling a report retains the configuration and historical reports (up to 90 days old), but prevents new reports from being generated.
Status definitions
A report is made up of a collection of policy assessment results. Each assessment includes the following details:
| Column | Description |
|---|---|
| ID | The FortiCNAPP identifier for the policy associated with each compliance assessment. You can see the mapping of FortiCNAPP IDs to benchmark-defined IDs under Compliance Frameworks. For example, for the CIS AWS 1.4.0 Benchmark report, the Lacework policy ID that corresponds to each CIS AWS 1.4.0 rule is listed on CIS AWS 1.4.0 Benchmark. |
| Policy | A description of the policy. |
| Status | The result of the policy assessment for this report. The possible results are listed at the end of this section. |
| Severity | The severity of the policy: Critical, High, Medium, Low or Info. |
| Affected | The total number of resources assessed as non-compliant (failed) for this policy. |
| Assessed | The total number of resources assessed for this policy. |
If you configure multiple AWS accounts to use a single CloudTrail associated with a single AWS organization, FortiCNAPP correctly accesses the compliance status across the accounts. However, the Affected and Assessed counts may be reported as 0.
For example, under Logging, the AWS_CIS_2_1 - Ensure CloudTrail is enabled in all regions policy may be reported as compliant while its Affected and Assessed counts are reported as 0.
The Status column shows one of the following results:
- For the assessment in the selected report, this policy was not in compliance.
- For the assessment in the selected report, this policy was in compliance.
- For the assessment in the selected report, this policy was omitted as an exception.