Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Console User Guide

    Home FortiDLP FortiDLP Console User Guide

    Viewing event streams

    Viewing event streams

    Refer to these instructions to view event streams.

    How to view event streams
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Remain in the Event streams tab.
      By default, all events for the current day are aggregated.
    3. Optionally, to filter events by using the search bar and/or a time range, see Performing Investigate searches.
      Note

      If the search query matches events from an event stream, the event stream panel will be highlighted in blue.

    4. Select an event stream panel.
    5. Optionally, do the following:
      • To show/hide the sections shown on the page;
        1. At the top-right corner of the page, click Page view.
        2. Select a section checkbox to show it, or deselect it to hide it.
      • To modify aggregations, in the Aggregations section, do the following:
        • To modify the layout of aggregations, click Grid or Strip.
          Note These settings are applied if your screen size is not large enough to fit all aggregations. Grid will display aggregations in two or more rows, and Strip will display them in one scrollable row.
        • To modify the information displayed in an aggregation widget, click a menu and select a new value. Top menu options show the most common values for a property and Bottom menu options show you the least common values.
        • To create an aggregation:
          1. Click Add.
          2. In the new aggregation widget, select a term and optionally a Top or Bottom value.
        • To delete an aggregation, at the top-right corner of an aggregation widget, click> Delete.
      • To modify the events table, in the Events section do the following:
        • To modify the table columns:
          • To make a custom selection, click Columns and select/deselect checkboxes.
          • To create a default selection that can be used in future login sessions:
            1. Click Columns and select/deselect the relevant checkboxes.
            2. Click Set new default.
            3. Select the My default radio button to use the selection.
        • To change the number of events shown in the table, change the Items/page default. You can show 50, 100, or 500 events on the page.
      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To filter the page for events occurring before, after, or around the same time as an event in the table, click the timestamp and set your preferred time range.
        Example

        For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.

      • To view an event more closely in the Event details panel, click the event’s table row.
    Previous
    Next

    Viewing event streams

    Viewing event streams

    Refer to these instructions to view event streams.

    How to view event streams
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Remain in the Event streams tab.
      By default, all events for the current day are aggregated.
    3. Optionally, to filter events by using the search bar and/or a time range, see Performing Investigate searches.
      Note

      If the search query matches events from an event stream, the event stream panel will be highlighted in blue.

    4. Select an event stream panel.
    5. Optionally, do the following:
      • To show/hide the sections shown on the page;
        1. At the top-right corner of the page, click Page view.
        2. Select a section checkbox to show it, or deselect it to hide it.
      • To modify aggregations, in the Aggregations section, do the following:
        • To modify the layout of aggregations, click Grid or Strip.
          Note These settings are applied if your screen size is not large enough to fit all aggregations. Grid will display aggregations in two or more rows, and Strip will display them in one scrollable row.
        • To modify the information displayed in an aggregation widget, click a menu and select a new value. Top menu options show the most common values for a property and Bottom menu options show you the least common values.
        • To create an aggregation:
          1. Click Add.
          2. In the new aggregation widget, select a term and optionally a Top or Bottom value.
        • To delete an aggregation, at the top-right corner of an aggregation widget, click> Delete.
      • To modify the events table, in the Events section do the following:
        • To modify the table columns:
          • To make a custom selection, click Columns and select/deselect checkboxes.
          • To create a default selection that can be used in future login sessions:
            1. Click Columns and select/deselect the relevant checkboxes.
            2. Click Set new default.
            3. Select the My default radio button to use the selection.
        • To change the number of events shown in the table, change the Items/page default. You can show 50, 100, or 500 events on the page.
      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To filter the page for events occurring before, after, or around the same time as an event in the table, click the timestamp and set your preferred time range.
        Example

        For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.

      • To view an event more closely in the Event details panel, click the event’s table row.
    Previous
    Next