Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Console User Guide

    Home FortiDLP FortiDLP Console User Guide

    Viewing event streams

    Viewing event streams

    Refer to these instructions to view event streams in either the Aggregations tab or the Events tab.

    How to view Event streams in the Aggregations tab
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Remain in the Event streams tab.
      By default, all events for the current day are aggregated.
    3. Optionally, to filter events by using the search bar and/or a time range, see Performing Investigate searches.
      Note

      If the search query matches events from an event stream, the event stream panel will be highlighted in blue.

    4. Select an event stream panel.
      The Aggregations tab will be preselected.
    5. Optionally, do the following:
      • To modify the information displayed in a widget, click a menu and select a new value. Top menu options show the most common values for a property and Bottom menu options show you the least common values.

      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To view an event more closely in the Event details panel, click the event’s table row.
    How to view Event streams in the Events tab
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Remain in the Event streams tab.
      By default, all events for the current day are aggregated.
    3. Optionally, to filter events by using the search bar and/or a time range, see Performing Investigate searches.
      Note

      If the search query matches events from an event stream, the event stream panel will be highlighted in blue.

    4. Select an event stream panel.
      The Aggregations tab will be preselected.
    5. Select the Events tab.
    6. Optionally, do the following:
      • To modify the table columns:
        • Click Columns and select/deselect the relevant checkboxes.
        • Change the Items/page default. You can show 50, 100, or 500 events on the page.
      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To filter the page for events occurring before, after, or around the same time as an event in the table, click the timestamp and set your preferred time range.
        • Example

        For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.

      • To view an event more closely in the Event details panel, click the event’s table row.
    Previous
    Next

    Viewing event streams

    Viewing event streams

    Refer to these instructions to view event streams in either the Aggregations tab or the Events tab.

    How to view Event streams in the Aggregations tab
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Remain in the Event streams tab.
      By default, all events for the current day are aggregated.
    3. Optionally, to filter events by using the search bar and/or a time range, see Performing Investigate searches.
      Note

      If the search query matches events from an event stream, the event stream panel will be highlighted in blue.

    4. Select an event stream panel.
      The Aggregations tab will be preselected.
    5. Optionally, do the following:
      • To modify the information displayed in a widget, click a menu and select a new value. Top menu options show the most common values for a property and Bottom menu options show you the least common values.

      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To view an event more closely in the Event details panel, click the event’s table row.
    How to view Event streams in the Events tab
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Remain in the Event streams tab.
      By default, all events for the current day are aggregated.
    3. Optionally, to filter events by using the search bar and/or a time range, see Performing Investigate searches.
      Note

      If the search query matches events from an event stream, the event stream panel will be highlighted in blue.

    4. Select an event stream panel.
      The Aggregations tab will be preselected.
    5. Select the Events tab.
    6. Optionally, do the following:
      • To modify the table columns:
        • Click Columns and select/deselect the relevant checkboxes.
        • Change the Items/page default. You can show 50, 100, or 500 events on the page.
      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To filter the page for events occurring before, after, or around the same time as an event in the table, click the timestamp and set your preferred time range.
        • Example

        For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.

      • To view an event more closely in the Event details panel, click the event’s table row.
    Previous
    Next