Collections

A collection is a way of taking a snapshot of a particular search at a particular time so that you can perform further analysis on the results. For example, if you think an event or group of events is unusual, you can add it to a collection and inspect it later on.

Creating a collection

Create a collection by clicking Collection beside the search bar.

You can do this with any search. You can create collections based on Policy alerts, AI alerts, and Live events. You can also use collections as a way of saving a search that you want to perform regularly.

Refreshing a collection

If a collection contains a search that you want to perform regularly, such as a daily, weekly, or monthly search, you can refresh the collection to perform the search again by clicking Refresh Collection.

This takes the original search that you used as the basis for the collection and updates it by re-running the search with current data.

Taking snapshots of searches

To see all data within a snapshot, click on a collection. The Collection Definition shows the original search terms that were used. To further refine the data, you can search within a collection.

To export a collection, or a subset of a collection, as a CSV file, click Export to CSV.
