Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.2.1 Administration Guide
5.2.1
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0

Other options in the Event Viewer

Other options in the Event Viewer

Option

Description
Sorting Events Click any column name to sort security events. For example, you may want to sort by process and collector in order to see the history of everything that happened to that process on that device.
Free text search

Enter text in the search field.

By default, the System Defined option is selected, which specifies that the search is performed on the most relevant fields and then the event list is filtered accordingly. Alternatively, from this dropdown menu, you can select the field(s) that are searched, as follows:

Select a specific field when you know what you are searching (meaning whether it is ID, Process name or so on) in order to get results faster.

Searching For Events

Click the down arrow in the Search Event field to display a variety of search options . When the Event Viewer display is filtered by a search, the Search Event field displays the words Multiple search . To redisplay all the security events (unfiltered), click .

Note

  • The User field refers to the employee’s username on the computer and on the FortiEDR Manager.

  • You can select one or more action types in the AIR Action dropdown list.
Time Filter Click the down arrow in the Time Filter to display a list of time period options. The default is Last 30 days.
Archiving Events

Click the Archive button () to archive the selected security events. These security events are not deleted. You can display them using the Search option (described above) and selecting the included Archived Events option.

Note

To unarchive a security event, click the Unarchive button (), and then confirm the unarchive action in the window that displays.
Exporting Events Click the Export button () to export the selected security events to Excel.
Deleting Events

Click the Delete button () to completely delete a security event from the FortiEDR system.

Note

A deleted security event cannot be restored or retrieved. Unless you are having storage capacity issues, we highly recommend just hiding security events and not deleting them.
Forensics The optional FortiEDR Forensics add-on enables you to perform deep analysis of security events, as described on Forensics.
Exception Manager Click the Exception Manager button () to access the Exception Manager.
Previous
Next

Other options in the Event Viewer

Option

Description
Sorting Events Click any column name to sort security events. For example, you may want to sort by process and collector in order to see the history of everything that happened to that process on that device.
Free text search

Enter text in the search field.

By default, the System Defined option is selected, which specifies that the search is performed on the most relevant fields and then the event list is filtered accordingly. Alternatively, from this dropdown menu, you can select the field(s) that are searched, as follows:

Select a specific field when you know what you are searching (meaning whether it is ID, Process name or so on) in order to get results faster.

Searching For Events

Click the down arrow in the Search Event field to display a variety of search options . When the Event Viewer display is filtered by a search, the Search Event field displays the words Multiple search . To redisplay all the security events (unfiltered), click .

Note

  • The User field refers to the employee’s username on the computer and on the FortiEDR Manager.

  • You can select one or more action types in the AIR Action dropdown list.
Time Filter Click the down arrow in the Time Filter to display a list of time period options. The default is Last 30 days.
Archiving Events

Click the Archive button () to archive the selected security events. These security events are not deleted. You can display them using the Search option (described above) and selecting the included Archived Events option.

Note

To unarchive a security event, click the Unarchive button (), and then confirm the unarchive action in the window that displays.
Exporting Events Click the Export button () to export the selected security events to Excel.
Deleting Events

Click the Delete button () to completely delete a security event from the FortiEDR system.

Note

A deleted security event cannot be restored or retrieved. Unless you are having storage capacity issues, we highly recommend just hiding security events and not deleting them.
Forensics The optional FortiEDR Forensics add-on enables you to perform deep analysis of security events, as described on Forensics.
Exception Manager Click the Exception Manager button () to access the Exception Manager.
Previous
Next