Administration Guide

Manually Changing the Classification of a Security Event

You can manually change the classification of a security event, if needed.

  1. Select the rule’s checkbox and then click the button or just click the flag icon of the security event row. The Event Handling window displays.
  2. In the Classification dropdown list, change the classification for the security event, as needed.

  3. Click the
  4. [Optional] Click the button to mark the security event as handled after saving the event.

    After changing the classification of a security event, the Classification Details area displays the history of any actions (Playbook policy-related actions and others) that were made automatically by FortiEDR, as shown below. For Playbook policy actions, the timestamp shows when the action was performed, as defined in the Playbook policy. For more details about Playbook policy actions, see Playbook Policies.

    When the Fortinet logo appears next to an entry in the CLASSIFICATION DETAILS area, it indicates that the security event was automatically classified by FortiEDR. Security events that are manually classified do not display the Fortinet logo.

    Note: Notifications for security events are not shown in the Classification Details area.
