Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Console User Guide

    Home FortiDLP FortiDLP Console User Guide

    Viewing the Nodes table

    Viewing the Nodes table

    To view the Nodes module's Table tab, follow these steps.

    How to view the nodes Table
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Select the Table tab.
    3. Optionally, do the following:
      • To view archived nodes, on the top-right corner of the page, click and then turn the Hide archived nodes toggle off.
        • Tooltip

        You can find detailed information relating to Agent archiving in the FortiDLP Administration Guide.

      • To filter nodes by entering a search query:
        1. Click the search bar.
        2. Select a search property from the menu, or type a text string to search for a property and then select it (the panel displays matching nodes, labels, and properties as you type). For some properties, you can also use the time selector.
          3. Tooltip

          You can hover over any property in the menu to view a tooltip.

        3. Select or type one of the following operators (the options shown are dependent on what you entered at step b):
          • = (equals).
          • != (does not equal).
          • in (in). For example, entering country in ["United States", "United Kingdom"] returns nodes that were last located in either the US or the UK.
          • !in (not in). For example, entering user.department !in [Finance, Sales] returns nodes with associated users who are not from either the Finance or the Sales department.
          • < (less than).
          • <= (less than or equal to).
          • > (greater than).
          • >= (greater than or equal to).
        4. Type a search string. The search is case insensitive, but strings containing spaces must be wrapped in double quotes—for example, country != "united states".
        5. Do one of the following:
          • To submit your query, press Enter or click Search now.
          • To add another filter:
            1. Click And and repeat the steps above.
            2. Press Enter or click Search now.
              Note

              Multiple filters can be used to perform AND searches. OR searches are not supported. However, you can use the in or !in operators to apply OR logic in relation to specific properties. For example, to search for nodes from either the United States or the United Kingdom, enter country in ["United States", "United Kingdom"].

      • To filter by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for nodes with the same value.
        • Filters the current page for nodes without the value.
        • Copies a value to your clipboard.
        • Filters by a value within the Investigate module.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Admin console.
      • To modify the table:
        • Click Columns and select/deselect the relevant checkboxes.
        • Change the Items/page default. You can show 10, 25, or 50 nodes on the page.
      • To view more information about a node on the Node profile page, select its table row.
      • To request a scoped investigation:
        1. At the end of the node's row, click> Request investigation.
        2. Follow the detailed guidance in Scoped investigations.
      • To edit labels:
        • To assign/unassign labels to/from one node:
          1. At the end of the node's row, click> Edit labels.
          2. In the Edit labels dialog box, select/deselect the relevant labels. You can also click Create new label and create a new label to assign to the node.
          3. Click Assign labels.
        • To assign labels to multiple nodes:
          1. Filter the tab so that only the nodes you want to assign labels to are in view.
          2. At the top of the page, click Assign labels.
          3. In the Assign labels dialog box, select the labels to assign.
          4. Click Assign labels.
        • To unassign labels from multiple nodes:
          1. Filter the tab so that only the nodes you want to unassign labels from are in view.
          2. At the top of the page, click> Unassign labels.
          3. In the Unassign labels dialog box, select the labels to unassign.
          4. Click Unassign labels.
      • To archive/unarchive one or more nodes:
        • To archive/unarchive one node:
          1. At the end of the node's row, click> Archive node/Unarchive node.
          2. If you are archiving the node, in the dialog box, type the archiving reason.
          3. Click Archive/Unarchive.
        • To archive/unarchive multiple nodes:
          1. Filter the nodes so that only those you want to archive/unarchive are in view.
          2. At the top of the page, click> Archive nodes/Unarchive nodes.
          3. If you are archiving the nodes, in the dialog box, type a reason for archiving them.
          4. Click Archive/Unarchive.
      • To perform an action on a node:
        1. At the end of the node's row, click> Perform actions.
        2. Follow the detailed guidance in Actions for the relevant action type.
      • To view a node's Agent configuration:
        1. At the end of the node's row, click> Show Agent configuration.
        2. Optionally, to view the configuration for a combination of the node and an associated user, from the Associated users list, select a user. The user's labels will be added to the node's labels, and the configuration will be recalculated.
      • To a view a node's configured policies:
        1. At the end of the node's row, click> Show configured policies.

          Configured policies are matched and shown based on a preselected value in the Associated user menu.
          Note

          Configured policies displayed in this modal reflect the current state of all policies that have been configured in the FortiDLP Console, rather than the state of policies that have been applied by the Agent. Therefore, results could include unpublished changes saved to a policy or policy group.

          Resulting labels are the labels assigned to a user or user and node combination. If all/any of the resulting labels can be matched to the labels of a policy group, policies belonging to the group will be shown in the table.

          2. Tooltip

          Keep the following in mind:

          • If no users are associated with the node, <none> will be preselected, and only the node's labels will be included.
          • If one user is associated with the node, the user will be preselected, and the user's labels will be added to the node's labels.
          • If at least two users are associated with the node, the most recently active user will be preselected, and that user's labels will be added to the node's labels.
        2. Optionally, do the following:
          • To view configured policies for a node and user combination, from the Associated user menu, select a user.
          • To view configured policies for the node, from the Associated user menu, select <none>.
          • To modify the table columns:
            1. Click Columns.
            2. Select/deselect relevant checkboxes.
          • To filter policy results:
            1. Click next to a column title.
            2. Select/deselect relevant checkboxes.
            3. Click Apply (if applicable).
          • To search for configured policies, type into the Configured policies search bar. If the search value matches a policy's name or tag, the policy will remain in the table.
          • To view a policy's detections, at the end of the policy's row, click > View in Investigate.
          • To view a policy's incidents (if applicable), at the end of the policy's row, click > View in Incidents.
          • To view a policy's template, at the end of the policy's row, click > View in Policies.
          • To view a policy's audit logs, at the end of the policy's row, click > View in Audit log.
      • To go to the Admin console's Agent deployment tab, at the top of the page, click> Enroll new Agents.
      • To go to the Admin console's Agent configuration tab, at the top of the page, click> Configure Agents.
      • To export nodes, see Exporting nodes.
    Previous
    Next

    Viewing the Nodes table

    Viewing the Nodes table

    To view the Nodes module's Table tab, follow these steps.

    How to view the nodes Table
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Select the Table tab.
    3. Optionally, do the following:
      • To view archived nodes, on the top-right corner of the page, click and then turn the Hide archived nodes toggle off.
        • Tooltip

        You can find detailed information relating to Agent archiving in the FortiDLP Administration Guide.

      • To filter nodes by entering a search query:
        1. Click the search bar.
        2. Select a search property from the menu, or type a text string to search for a property and then select it (the panel displays matching nodes, labels, and properties as you type). For some properties, you can also use the time selector.
          3. Tooltip

          You can hover over any property in the menu to view a tooltip.

        3. Select or type one of the following operators (the options shown are dependent on what you entered at step b):
          • = (equals).
          • != (does not equal).
          • in (in). For example, entering country in ["United States", "United Kingdom"] returns nodes that were last located in either the US or the UK.
          • !in (not in). For example, entering user.department !in [Finance, Sales] returns nodes with associated users who are not from either the Finance or the Sales department.
          • < (less than).
          • <= (less than or equal to).
          • > (greater than).
          • >= (greater than or equal to).
        4. Type a search string. The search is case insensitive, but strings containing spaces must be wrapped in double quotes—for example, country != "united states".
        5. Do one of the following:
          • To submit your query, press Enter or click Search now.
          • To add another filter:
            1. Click And and repeat the steps above.
            2. Press Enter or click Search now.
              Note

              Multiple filters can be used to perform AND searches. OR searches are not supported. However, you can use the in or !in operators to apply OR logic in relation to specific properties. For example, to search for nodes from either the United States or the United Kingdom, enter country in ["United States", "United Kingdom"].

      • To filter by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for nodes with the same value.
        • Filters the current page for nodes without the value.
        • Copies a value to your clipboard.
        • Filters by a value within the Investigate module.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Admin console.
      • To modify the table:
        • Click Columns and select/deselect the relevant checkboxes.
        • Change the Items/page default. You can show 10, 25, or 50 nodes on the page.
      • To view more information about a node on the Node profile page, select its table row.
      • To request a scoped investigation:
        1. At the end of the node's row, click> Request investigation.
        2. Follow the detailed guidance in Scoped investigations.
      • To edit labels:
        • To assign/unassign labels to/from one node:
          1. At the end of the node's row, click> Edit labels.
          2. In the Edit labels dialog box, select/deselect the relevant labels. You can also click Create new label and create a new label to assign to the node.
          3. Click Assign labels.
        • To assign labels to multiple nodes:
          1. Filter the tab so that only the nodes you want to assign labels to are in view.
          2. At the top of the page, click Assign labels.
          3. In the Assign labels dialog box, select the labels to assign.
          4. Click Assign labels.
        • To unassign labels from multiple nodes:
          1. Filter the tab so that only the nodes you want to unassign labels from are in view.
          2. At the top of the page, click> Unassign labels.
          3. In the Unassign labels dialog box, select the labels to unassign.
          4. Click Unassign labels.
      • To archive/unarchive one or more nodes:
        • To archive/unarchive one node:
          1. At the end of the node's row, click> Archive node/Unarchive node.
          2. If you are archiving the node, in the dialog box, type the archiving reason.
          3. Click Archive/Unarchive.
        • To archive/unarchive multiple nodes:
          1. Filter the nodes so that only those you want to archive/unarchive are in view.
          2. At the top of the page, click> Archive nodes/Unarchive nodes.
          3. If you are archiving the nodes, in the dialog box, type a reason for archiving them.
          4. Click Archive/Unarchive.
      • To perform an action on a node:
        1. At the end of the node's row, click> Perform actions.
        2. Follow the detailed guidance in Actions for the relevant action type.
      • To view a node's Agent configuration:
        1. At the end of the node's row, click> Show Agent configuration.
        2. Optionally, to view the configuration for a combination of the node and an associated user, from the Associated users list, select a user. The user's labels will be added to the node's labels, and the configuration will be recalculated.
      • To a view a node's configured policies:
        1. At the end of the node's row, click> Show configured policies.

          Configured policies are matched and shown based on a preselected value in the Associated user menu.
          Note

          Configured policies displayed in this modal reflect the current state of all policies that have been configured in the FortiDLP Console, rather than the state of policies that have been applied by the Agent. Therefore, results could include unpublished changes saved to a policy or policy group.

          Resulting labels are the labels assigned to a user or user and node combination. If all/any of the resulting labels can be matched to the labels of a policy group, policies belonging to the group will be shown in the table.

          2. Tooltip

          Keep the following in mind:

          • If no users are associated with the node, <none> will be preselected, and only the node's labels will be included.
          • If one user is associated with the node, the user will be preselected, and the user's labels will be added to the node's labels.
          • If at least two users are associated with the node, the most recently active user will be preselected, and that user's labels will be added to the node's labels.
        2. Optionally, do the following:
          • To view configured policies for a node and user combination, from the Associated user menu, select a user.
          • To view configured policies for the node, from the Associated user menu, select <none>.
          • To modify the table columns:
            1. Click Columns.
            2. Select/deselect relevant checkboxes.
          • To filter policy results:
            1. Click next to a column title.
            2. Select/deselect relevant checkboxes.
            3. Click Apply (if applicable).
          • To search for configured policies, type into the Configured policies search bar. If the search value matches a policy's name or tag, the policy will remain in the table.
          • To view a policy's detections, at the end of the policy's row, click > View in Investigate.
          • To view a policy's incidents (if applicable), at the end of the policy's row, click > View in Incidents.
          • To view a policy's template, at the end of the policy's row, click > View in Policies.
          • To view a policy's audit logs, at the end of the policy's row, click > View in Audit log.
      • To go to the Admin console's Agent deployment tab, at the top of the page, click> Enroll new Agents.
      • To go to the Admin console's Agent configuration tab, at the top of the page, click> Configure Agents.
      • To export nodes, see Exporting nodes.
    Previous
    Next