Alert

FortiCWP lets you manage policy-triggered alerts. You decide the status of each alert, such as leaving it open or dismissing it, which reduces the number of alerts shown on the Alert page.

Prerequisite

Alerts are generated only after you enable and configure the security policies required by your organization. For details on configuring policies, refer to Policy Configuration.

Accessing Alert

Follow these steps to view alerts.

  1. From the FortiCWP navigation pane on the left, click Alert.
  2. Filter alerts by account type, alert state, severity level, activity, etc.
  3. Click any alert to show its alert summary, policy name, object, severity level, created date, and last updated date.
  4. Click Policy Name to show the related policy.
  5. Click Object to show detailed information on the cloud resource in the Resource page.

Types of Alert State

Alert state is the second filter in the top row. Click the drop-down menu to choose one of the alert states.

Alert States and Descriptions:

Open - New violation found for the given resource and policy pair.

Resolved - The policy violation no longer applies because the policy or resource changed. The "Resolved" state can only be changed by FortiCWP automatically.

Dismissed - Users can manually dismiss the alert, but the violation may still exist. The "Dismissed" state can only be changed by users.

Acknowledged - For DLP, compliance, and threat protection policies, users can only change the alert state to "Acknowledged".

Alert States Transition Table

Alert states can be changed either manually by users or automatically by FortiCWP, depending on the initial alert state and the policy. The tables below list, for each policy type, the current alert states and the next states available from each.

Risk assessment

| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Resolved | Policy updated | automatic | Policy was updated so that the violation no longer applies, e.g. the resource was added to the policy allow list. |
| Open | Resolved | Policy disabled | automatic | Policy was disabled, which terminated scanning; previously triggered alerts disappear. |
| Open | Resolved | Resource updated | automatic | Resource configuration was updated to fix the violation. |
| Open | Resolved | Resource deleted | automatic | Resource was deleted. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |
| Resolved | Open | Policy updated | automatic | Policy was updated, e.g. the resource was removed from the policy allow list. |
| Resolved | Open | Policy enabled | automatic | Policy was enabled again. Scanning resumed and previously triggered alerts appear again. |

Network

| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |

Integration

| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Dismissed | User action | manual | User manually dismissed the alert. |
| Dismissed | Open | User action | manual | User manually reopened the alert. |

Threat Protection

| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given policy. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |

Data Analysis

| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |

Compliance

| Current State | Next State | Action | Policy Control | Description |
|---|---|---|---|---|
| None | Open | Alert triggered | automatic | New violation found for the given resource and policy pair. |
| Open | Acknowledged | User action | manual | User manually marked the alert as acknowledged. |

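
The transition tables above can be encoded as a state machine and used to replay a history of alert state changes, flagging any change the tables do not allow. This is an added example, not Fortinet code; the event tuple layout, the `audit` function and the sample records are assumptions made for illustration.

```python
# Hypothetical event layout: (alert_id, policy_type, next_state, actor), where
# actor is "user" or "system". This is not a FortiCWP API or export format.
AUTO, MANUAL = "automatic", "manual"

# Transition groups transcribed from the tables above.
DISMISS = {("Open", "Dismissed"): MANUAL, ("Dismissed", "Open"): MANUAL}
RESOLVE = {("Open", "Resolved"): AUTO, ("Resolved", "Open"): AUTO}
ACK = {("Open", "Acknowledged"): MANUAL}

TRANSITIONS = {
    "Risk assessment": {**DISMISS, **RESOLVE},
    "Network": DISMISS,
    "Integration": DISMISS,
    "Threat Protection": ACK,
    "Data Analysis": ACK,
    "Compliance": ACK,
}

def audit(events):
    """Replay state changes in order; return (alert_id, message) findings."""
    state, findings = {}, []
    for alert_id, policy_type, next_state, actor in events:
        current = state.get(alert_id, "None")
        allowed = {("None", "Open"): AUTO, **TRANSITIONS.get(policy_type, {})}
        control = allowed.get((current, next_state))
        if control is None:
            findings.append((alert_id, f"{current} -> {next_state} not defined for {policy_type}"))
        elif actor != ("user" if control == MANUAL else "system"):
            findings.append((alert_id, f"{current} -> {next_state} is {control}, actor was {actor}"))
        state[alert_id] = next_state  # continue from the recorded state
    # Per the page, a dismissed alert's violation may still exist, so alerts
    # that end in Dismissed are surfaced for periodic review.
    for alert_id, final in state.items():
        if final == "Dismissed":
            findings.append((alert_id, "Dismissed: violation may still exist"))
    return findings

# Constructed sample history (not real FortiCWP output).
SAMPLE = [
    ("A1", "Risk assessment", "Open", "system"),
    ("A1", "Risk assessment", "Dismissed", "user"),
    ("A2", "Risk assessment", "Open", "system"),
    ("A2", "Risk assessment", "Resolved", "user"),  # Resolved is automatic only
    ("A3", "Compliance", "Open", "system"),
    ("A3", "Compliance", "Dismissed", "user"),      # not in the Compliance table
    ("A4", "Network", "Open", "system"),
    ("A4", "Network", "Dismissed", "user"),
    ("A4", "Network", "Open", "user"),
]
```

Calling `audit(SAMPLE)` flags the manual Resolved change on A2 and the Dismissed change on the Compliance alert A3, and lists A1 and A3 as dismissed alerts to revisit.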