
FortiDLP Console User Guide

Viewing incidents

To view incidents within the Incidents module, follow these steps.

How to view incidents
  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Do one of the following:
    • To view open incidents, click and then turn the Hide resolved incidents toggle on.
    • To view open and resolved incidents, click and then turn the Hide resolved incidents toggle off.
  3. Optionally, do the following:
    • To modify the aggregations, select different properties from the menus and/or change the Top 10 default. Top menu options show the most common values for a property and Bottom menu options show you the least common values.
    • To modify the table columns:
      • Click Columns and select/deselect the relevant checkboxes.
      • Change the Items/page default. You can show 10, 25, or 50 incidents on the page.
    • To filter the incidents using a search query:
      1. At the top of the page, click the search bar.
      2. Select a search property from the menu, or type a text string to search for a property and then select it (the panel displays matching properties as you type). For some properties, you can also use the time selector.
      3. Select or type one of the following operators (the options shown depend on what you entered at step 2):
        • = (equals).
        • != (does not equal).
        • in (in). For example, entering agent.country in ["United States", "United Kingdom"] returns incidents related to nodes that were last located in either the US or the UK.
        • !in (not in). For example, entering user.department !in [Finance, Sales] returns incidents related to nodes with associated users who are not from either the Finance or the Sales department.
        • < (less than).
        • <= (less than or equal to).
        • > (greater than).
        • >= (greater than or equal to).
      4. Type a search string. The search is case insensitive, but strings containing spaces must be wrapped in double quotes—for example, agent.country != "united states".
      5. Do one of the following:
        • To submit your query, press Enter or click Search now.
        • To add another filter:
          1. Click And and repeat the steps above.
          2. Press Enter or click Search now.
            Note

            Only AND logic is supported (not OR logic). However, you can use the in or !in operators to apply OR logic in relation to specific properties. For example, to search for nodes from either the United States or the United Kingdom, enter agent.country in ["United States", "United Kingdom"].

          3. The FortiDLP Console displays incidents matching your criteria.

    • To filter the incidents by a specific value on the page or view more information about a value, click the value and then click the relevant context box button. The following list summarizes the buttons that display:

      • Filters the current page for incidents with the same value.
      • Filters the current page for incidents without the value.
      • Copies a value to your clipboard.
      • Filters by a value within the Investigate module.
      • Filters by a value within the SaaS apps module's Inventory tab.
      • Displays more information about a value.
      • Displays a submenu containing the following options:
        • Filters by a value within the Users module.
        • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • Opens a policy template configuration within the Policies module.
      • Filters by a value within the Admin console.
    • To view an incident more closely on the Incident details page, click the incident’s table row.
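The search syntax described in the filter steps above (property, operator, value; clauses joined only by And; in/!in for per-property OR; case-insensitive matching; double quotes around values with spaces) is small enough to model in code. The following is an added example, not FortiDLP code: a toy parser and evaluator for that syntax run over a handful of constructed incident records. The record layout (nested dicts with agent.country, user.department, severity, resolved) and the numeric-versus-text comparison rules are assumptions for illustration; the console's real property set and comparison rules are whatever the product implements.

```python
"""Toy evaluator for FortiDLP-style incident search queries (added example,
not FortiDLP code). Assumed semantics follow the guide: clauses joined only by
AND; operators =, !=, in, !in, <, <=, >, >=; case-insensitive string matching;
double quotes around values containing spaces; dotted property paths."""
import operator
import re

# Alternatives are ordered longest-first; "in"/"!in" must end at a word
# boundary so a property such as incident.type is not split into "in" + rest.
_TOKEN = re.compile(r'''\s*(?:
      "(?P<quoted>[^"]*)"
    | (?P<op>!in|in)(?![^\s\[\],"=!<>])
    | (?P<sym>!=|>=|<=|=|<|>)
    | (?P<punct>[\[\],])
    | (?P<word>[^\s\[\],"=!<>]+)
    )''', re.VERBOSE)
_ORDER = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def tokenize(query):
    """Split a query into (kind, text) tokens: str, op, punct, and, word."""
    query, pos, tokens = query.strip(), 0, []
    while pos < len(query):
        m = _TOKEN.match(query, pos)
        if m is None:
            raise ValueError(f"cannot tokenize {query[pos:]!r}")
        pos = m.end()
        if m.group("quoted") is not None:
            tokens.append(("str", m.group("quoted")))
        elif m.group("op") or m.group("sym"):
            tokens.append(("op", m.group("op") or m.group("sym")))
        elif m.group("punct"):
            tokens.append(("punct", m.group("punct")))
        else:
            word = m.group("word")
            tokens.append(("and", word) if word.lower() == "and" else ("word", word))
    return tokens


def _take(tokens, i, kinds, text=None):
    """Consume token i if its kind is in kinds (and its text matches, if given)."""
    if i >= len(tokens):
        raise ValueError("unexpected end of query")
    kind, got = tokens[i]
    if kind not in kinds or (text is not None and got != text):
        raise ValueError(f"unexpected {got!r} at token {i}")
    return got, i + 1


def parse(query):
    """Return (property, operator, value) clauses; value is a list for in/!in."""
    tokens, clauses, i = tokenize(query), [], 0
    while True:
        prop, i = _take(tokens, i, ("word",))
        op, i = _take(tokens, i, ("op",))
        if op in ("in", "!in"):                      # list value: [a, "b c", ...]
            _, i = _take(tokens, i, ("punct",), "[")
            value = []
            while True:
                item, i = _take(tokens, i, ("word", "str"))
                value.append(item)
                if i < len(tokens) and tokens[i] == ("punct", ","):
                    i += 1
                else:
                    _, i = _take(tokens, i, ("punct",), "]")
                    break
        else:
            value, i = _take(tokens, i, ("word", "str"))
        clauses.append((prop, op, value))
        if i == len(tokens):
            return clauses
        _, i = _take(tokens, i, ("and",))             # only AND joins clauses; "or" is rejected


def _lookup(record, path):
    """Resolve a dotted path such as agent.country in nested dicts; None if absent."""
    for part in path.split("."):
        if not isinstance(record, dict) or part not in record:
            return None
        record = record[part]
    return record


def _norm(v):
    """Numbers (or numeric strings) compare as floats; other values as lowercase text."""
    if v is None:
        return None
    if isinstance(v, bool):
        return str(v).lower()
    try:
        return float(v)
    except (TypeError, ValueError):
        return str(v).lower()


def matches(clause, record):
    """True if the record satisfies one parsed clause."""
    prop, op, value = clause
    actual = _norm(_lookup(record, prop))
    if op in ("in", "!in"):
        hit = actual is not None and actual in [_norm(v) for v in value]
        return hit if op == "in" else not hit
    wanted = _norm(value)
    if op == "=":
        return actual == wanted
    if op == "!=":
        return actual != wanted
    if actual is None or type(actual) is not type(wanted):   # no ordering across types
        return False
    return _ORDER[op](actual, wanted)


# Constructed sample incidents for the example (not real FortiDLP data).
INCIDENTS = [
    {"id": 1, "severity": 3, "resolved": False, "agent": {"country": "United States"}, "user": {"department": "Finance"}},
    {"id": 2, "severity": 5, "resolved": True, "agent": {"country": "United Kingdom"}, "user": {"department": "Engineering"}},
    {"id": 3, "severity": 2, "resolved": False, "agent": {"country": "Germany"}, "user": {"department": "Sales"}},
    {"id": 4, "severity": 4, "resolved": False, "agent": {"country": "united states"}, "user": {"department": "Marketing"}},
]


def search(query, incidents=INCIDENTS):
    """Return the ids of incidents matching every clause of the query."""
    clauses = parse(query)
    return [inc["id"] for inc in incidents if all(matches(c, inc) for c in clauses)]


if __name__ == "__main__":
    for q in ('agent.country in ["United States", "United Kingdom"]',
              'user.department !in [Finance, Sales]',
              'severity >= 4 and resolved = false'):
        print(f"{q:55} -> {search(q)}")
```

The two guide examples behave as described: the in list returns incidents 1, 2 and 4 (the lowercase "united states" still matches because comparison is case-insensitive), and the !in list excludes the Finance and Sales incidents. A query joined with "or" is rejected at parse time, which mirrors the guide's note that only AND logic is supported.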
