Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Console User Guide

    Home FortiDLP FortiDLP Console User Guide

    Viewing the Activity feed

    Viewing the Activity feed

    To view events the Activity feed, follow these steps.

    How to view the Activity feed
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Select the Activity feed tab.
      By default, all events for the current day are shown.
    3. Optionally, do the following:
      • To search for events by using the search bar and/or a time range, see Performing Investigate searches.
      • To modify the table columns:
        • Click Columns and select/deselect the relevant checkboxes.
        • Change the Items/page default. You can show 10, 25, or 50 events on the page.
      • To filter the event streams shown in the table, do either of the following:
        • To filter using the Event streams menu, at the top right of the page, click Event streams and do one of the following:
          • To only show the streams matching an entered search query, select the Auto (match search query) radio button.
          • To show all event streams, select the All event streams radio button.
          • To select any streams, select the Custom radio button.
          • To set and use a default selection of streams:
            1. Set a default selection of streams to use at any time:
              1. Make a selection of streams.
              2. Next to the My default radio button, click Set new default.

            2. Use your default selection of streams by selecting the My default radio button.
            Note

            Custom selections and My default are preserved when you navigate to other modules, and between login sessions.

        • To filter using the event streams widget:
          1. Above the table, to the right of an event stream, click.
          2. Select or to only show the stream or hide the stream, respectively.
      • To view aggregations, click Aggregations at the top right of the page and do the following:
        1. In the Event stream menu, select an event stream.
        2. In the Select a term menu, select a term.
        3. Optionally, in the Top 20 menu, select another option to show a different number of results based on the most or least occurring values for the selected term.
      • To apply a filter or navigate to a page related to a visible event stream, at the top of the page, clicknext to a stream in the widget and select the relevant option.

      • To customize which pinned fields are shown in the Pinned fields column, do either of the following:
        • Make a custom selection by doing either of the following:
          • At the top of the table, click Pinned fields and make a selection.
          • Click the row of an event to expand it and then click to the left of the relevant fields.
        • Set and use a default selection:
          1. Set a default selection of pinned fields:
            1. At the top of the table, click Pinned fields and make a selection.
            2. Next to the My default radio button, click Set new default.
          2. Use your default selection:
            1. At the top of the table, click Pinned fields.
            2. Select the My default radio button.
            Note

            Custom selections and My default are preserved when you navigate to other modules, and between login sessions.

      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To add an event to a case, on the row of the event, click .
      • To filter the page for events occurring before, after, or around the same time as an event in the table, click the timestamp and set your preferred time range.
        • Example

        For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.

      • To view an event more closely in the Event details panel, click the event's table row.
    Previous
    Next

    Viewing the Activity feed

    Viewing the Activity feed

    To view events the Activity feed, follow these steps.

    How to view the Activity feed
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Select the Activity feed tab.
      By default, all events for the current day are shown.
    3. Optionally, do the following:
      • To search for events by using the search bar and/or a time range, see Performing Investigate searches.
      • To modify the table columns:
        • Click Columns and select/deselect the relevant checkboxes.
        • Change the Items/page default. You can show 10, 25, or 50 events on the page.
      • To filter the event streams shown in the table, do either of the following:
        • To filter using the Event streams menu, at the top right of the page, click Event streams and do one of the following:
          • To only show the streams matching an entered search query, select the Auto (match search query) radio button.
          • To show all event streams, select the All event streams radio button.
          • To select any streams, select the Custom radio button.
          • To set and use a default selection of streams:
            1. Set a default selection of streams to use at any time:
              1. Make a selection of streams.
              2. Next to the My default radio button, click Set new default.

            2. Use your default selection of streams by selecting the My default radio button.
            Note

            Custom selections and My default are preserved when you navigate to other modules, and between login sessions.

        • To filter using the event streams widget:
          1. Above the table, to the right of an event stream, click.
          2. Select or to only show the stream or hide the stream, respectively.
      • To view aggregations, click Aggregations at the top right of the page and do the following:
        1. In the Event stream menu, select an event stream.
        2. In the Select a term menu, select a term.
        3. Optionally, in the Top 20 menu, select another option to show a different number of results based on the most or least occurring values for the selected term.
      • To apply a filter or navigate to a page related to a visible event stream, at the top of the page, clicknext to a stream in the widget and select the relevant option.

      • To customize which pinned fields are shown in the Pinned fields column, do either of the following:
        • Make a custom selection by doing either of the following:
          • At the top of the table, click Pinned fields and make a selection.
          • Click the row of an event to expand it and then click to the left of the relevant fields.
        • Set and use a default selection:
          1. Set a default selection of pinned fields:
            1. At the top of the table, click Pinned fields and make a selection.
            2. Next to the My default radio button, click Set new default.
          2. Use your default selection:
            1. At the top of the table, click Pinned fields.
            2. Select the My default radio button.
            Note

            Custom selections and My default are preserved when you navigate to other modules, and between login sessions.

      • To filter the events by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.
        • Tooltip

        The following list summarizes the buttons that display:

        • Filters the current page for events with the same value.
        • Filters the current page for events without the value.
        • Filters by a value within the SaaS apps module's Inventory tab.
        • Copies a value to your clipboard.
        • Displays more information about a value.
        • Displays a submenu containing the following options:
          • Filters by a value within the Users module.
          • Filters by a value within the Nodes module (if selected from a user's context box) or takes you to the Node profile page (if selected from a node's context box).
      • To add an event to a case, on the row of the event, click .
      • To filter the page for events occurring before, after, or around the same time as an event in the table, click the timestamp and set your preferred time range.
        • Example

        For example, selecting 10 minutes and the Around menu option would filter for events occurring during the 10 minutes before the timestamp and the 10 minutes after the timestamp.

      • To view an event more closely in the Event details panel, click the event's table row.
    Previous
    Next