FortiDLP Console User Guide

Viewing the Detection details panel

To view the Detection details panel, follow these steps.

How to view detections
  1. In the FortiDLP Console, do one of the following:
    • To open the panel from the Investigate module:
      1. On the left-hand sidebar, click the Investigate module icon and do one of the following:
        • To view the panel from the Event streams tab:
          1. Click the Detection event stream.
          2. Select the Events tab.
          3. Select the table row of the relevant detection.
        • To view the panel from the Activity feed tab:
          1. Select the Activity feed tab.
          2. Click Event streams at the top-right of the page.
          3. On the top-right side of the tab, click Event streams and ensure that only the Detection checkbox is selected.
          4. Select the table row of the relevant detection.
    • To open the panel from the Incidents module:
      1. On the left-hand sidebar, click the Incidents module icon.
      2. Select the table row of the incident related to the detection.
      3. Select the table row of the relevant detection.
    • To open the panel from the Detection reports module:
      1. On the left-hand sidebar, click the Detection reports module icon.
      2. Do one of the following:
        • To view a report of all detections across the organization, click All detections.
        • To view a report of detections for entities that are assigned a flagged label, click Flagged entities reports and then click the relevant label name.
        • To view a custom report of detections, click Custom reports and then click the relevant report name.
        • To view a report of detections for a specific policy group, click Policy group reports and then click the relevant policy group name.
      3. Select the table row of the relevant detection.
  2. The Detection details panel displays.

  3. Optionally, do the following:
    • To add the detection to a case, click Add to case and add the detection to a new or existing case. For detailed information, see Cases.
    • To filter detections by a specific value in the panel or view more information about a value in the panel, click the value and then click the relevant context box button.
      The following list summarizes the buttons that display:

      • Filters the current page for detections with the same value.
      • Filters the current page for detections without the value.
      • Copies a value to your clipboard.
      • Filters by a value within the Investigate module.
      • Filters by a value within the SaaS apps module's Inventory tab.
      • Displays more information about a value.
      • Displays a submenu containing the following options:
        • Filters by a value within the Users module.
        • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • Opens a policy template configuration within the Policies module.
      • Filters by a value within the Admin console.
    • To filter the current page for detections occurring before, after, or around the same time as the detection in view, click the timestamp and set your preferred time range.
      For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.
