Administration Guide

Automated Analysis

The Automated Analysis tab provides additional information about the investigation performed automatically by Fortinet Cloud Services (FCS) for each security event, to help you understand FortiEDR's rationale for assigning a specific classification to an item.

The classification history of a security event is presented in the Classification Details area (see page 129) and shows the chronology for classifying a security event, as well as the automatic investigation and remediation actions performed by FortiEDR for that event.

The information shown in the Automated Analysis tab supplements this history, providing more detail about how and why a given security event was classified as it was. The tab shows the actions performed during the analysis plus a categorized summary of what was analyzed, for example the analyzed files, memory segments, the IP address involved in the communication, and the email address associated with the security event. A Fortinet Cloud Services comment at the top of this area summarizes the analysis verdict and conclusion in text.

For example, the following shows a security event that was initially classified as Inconclusive by FortiEDR Core and, after FCS automated analysis, was reclassified as Malicious. In this case, four files were analyzed. You can click the name of a file to display more details about it, including its metadata and several properties of the file (signature, certificate, hash and so on).

You can click the down arrow next to an item to view all the investigation actions performed and analysis results related to that item.