Administration Guide

Classification Details


The Classification Details area displays the classification, policy and rules assigned to the FortiEDR Collector that triggered this security event.

Click the History down arrow to display the classification history of a security event. The classification history shows the chronology for classifying the security event, and the actions performed by FortiEDR for that event. This area also displays relevant details when the FortiEDR Cloud Service (FCS) reclassifies a security event after its initial classification by the Core.

All FortiEDR actions are based on the final classification of a security event by the FCS. The FCS is a cloud-based, software-only service that determines the exact classification of security events and acts accordingly based on that classification – all with a high degree of accuracy. All Playbook policy actions are based on the final determination of the FCS. For more details, see Playbook Policies.

For example, the following shows that the security event was reclassified by the FCS and given a notification status of Suspicious at 15:44:51.
