
FortiDLP Console User Guide

Assigning scoped investigations


As an approver, you can assign scoped investigations to investigators from the Scoped investigations tab or from the Incidents, Users, or Nodes modules, as follows.

Note

Approvers are not permitted to assign investigations to themselves.

How to assign a scoped investigation
  1. In the FortiDLP Console, do one of the following:
    • To assign an investigation from the Scoped investigations tab:
      1. On the left-hand sidebar, click .
      2. Under General, select the Scoped investigations tab.
      3. At the top of the page, click Assign investigation.
    • To assign an investigation from the Incidents module:
      1. On the left-hand sidebar, click .
      2. At the end of the incident's table row, click > Assign investigation.

        Tooltip: You can also click an incident's table row to assign the investigation from the Incident details page.


    • To assign an investigation from the Users module:
      1. On the left-hand sidebar, click .
      2. At the end of the user's table row, click > Assign investigation.
    • To assign an investigation from the Nodes module:
      1. On the left-hand sidebar, click .
      2. Filter for the relevant node. For guidance on this, see Nodes.
      3. In the Table tab, at the end of the node's table row, click > Assign investigation.

        Tooltip: You can also click a node's table row to assign the investigation from the Node profile page.

  2. In the Assign investigation dialog box, do the following:
    1. In the Investigation name field, type a name to identify the investigation. (If you performed step 1 from the Incidents module, the incident's description will be prepopulated, but you can edit this.)
    2. In the Operator menu, select the operator to assign to the investigation.
    3. In the Scoped users list, select the users to investigate, a maximum of 20. (If you performed step 1 from the Incidents module or the Users module, the corresponding user(s) will be preselected.)
    4. In the Scoped nodes list, select the nodes to investigate, a maximum of 20. (If you performed step 1 from the Nodes module, the node's hostname will be preselected.)
    5. In the Scoped event streams list, select the event streams to investigate. By default, all event streams will be preselected.
    6. Set the time range of the events to investigate:
      • To limit the time range, keep the Limit time range toggle on and either select a time preset or enter a custom time range.
      • To place no limit on the time range, turn the Limit time range toggle off.
    7. In the Investigation reason field, type the investigation reason.
    8. Click Next.
    9. Set the expiry of the investigation by either selecting a time preset or entering a custom expiry.
    10. Click Assign investigation.
