Alerts

FortiInsight generates two types of alerts: Policy and AI alerts. You can view both types of alerts on the Alerts pages in the FortiInsight UI.

Policy alerts

The Policy Alerts page shows alerts that FortiInsight generates based on policy settings. FortiInsight generates an alert if an event meets conditions that you defined in policies. For example, you can set up an alert that notifies you if a user accesses a sensitive file on a network drive.
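The kind of condition match that drives a policy alert, written out as a small evaluator. This is an added illustration and not FortiInsight code: the event fields (`ts`, `user`, `action`, `path`), the `Policy` class and its glob-based path matching are assumptions, and the events are constructed samples. It mirrors the example in the text (a user reading a file on a sensitive network share) and adds an exemption list so that users expected to touch those files do not generate noise.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Constructed endpoint events standing in for collected telemetry (field names are assumptions).
EVENTS = [
    {"ts": "2024-03-01T09:15:02", "user": "alice", "action": "file_read",
     "path": r"\\fileserver\finance\payroll_2024.xlsx"},
    {"ts": "2024-03-01T09:16:40", "user": "bob", "action": "file_read",
     "path": r"\\fileserver\public\lunch_menu.pdf"},
    {"ts": "2024-03-01T09:17:11", "user": "carol", "action": "file_write",
     "path": r"\\fileserver\finance\budget.xlsx"},
    {"ts": "2024-03-01T09:18:55", "user": "alice", "action": "process_start",
     "path": r"C:\Windows\System32\notepad.exe"},
]


@dataclass
class Policy:
    """A hypothetical policy: alert when an event of a given action touches a sensitive path."""
    name: str
    severity: str
    actions: set            # event actions the policy applies to
    path_globs: list        # sensitive locations, matched case-insensitively
    exempt_users: set = field(default_factory=set)

    def matches(self, event):
        if event["action"] not in self.actions:
            return False
        if event["user"] in self.exempt_users:
            return False
        path = event["path"].lower()
        return any(fnmatch(path, g.lower()) for g in self.path_globs)


POLICIES = [
    Policy(name="Sensitive finance share access", severity="high",
           actions={"file_read", "file_write"},
           path_globs=[r"\\fileserver\finance\*"],
           exempt_users={"carol"}),   # finance staff are expected to work on these files
]


def evaluate(events, policies):
    """Return one alert dict for every (event, policy) pair whose conditions hold."""
    alerts = []
    for ev in events:
        for pol in policies:
            if pol.matches(ev):
                alerts.append({"policy": pol.name, "severity": pol.severity,
                               "user": ev["user"], "path": ev["path"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in evaluate(EVENTS, POLICIES):
        print(f'{a["ts"]} [{a["severity"]}] {a["policy"]}: {a["user"]} -> {a["path"]}')
```

Run as-is, only alice's read of the payroll file raises an alert: bob's file is outside the sensitive share, carol is exempt, and the process start is not an action the policy covers. Exemptions are the part worth getting right; a policy that fires on every legitimate finance user buries the one access that matters.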

To see policy alerts, go to Policy > Alerts.

AI alerts

The AI Alerts page shows alerts that FortiInsight AI generates. If there are alerts on this page, it means that FortiInsight AI detected some anomalous behavior based on one or more events, as well as any tags that you defined.

To see AI alerts, go to AI > Alerts.

Timeline

The timeline provides a weekly view of alerts, categorized by severity (low, medium, and high). The quantity of alerts is represented by the size of the dots.

The following image shows an example timeline.

Searching alerts

The search bar allows you to narrow down the alerts displayed on either the Policy Alerts or AI Alerts pages. To sort and order alerts, click the column headings and use the checkboxes to choose the columns that you want to see.

Similar alerts that occur around the same time are grouped together to reduce noise. Click more to see all of the related events, and click Hide to re-group them. The following image shows the grouping options in the Expand column.

Finding related alerts

To help you explore alerts that may be connected, and potentially provide further information and context, you can see alerts that occurred around the same time as a specific alert.

  1. Right-click the timestamp of an alert.
  2. Select Find Items Around This Time.

FortiInsight narrows the list to alerts that occurred within a five-minute window on either side of the alert that you selected (five minutes before to five minutes after).
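The two time-based behaviours described above, grouping similar alerts that occur close together and finding items within five minutes of a selected alert, implemented over constructed alert records. This is an added example, not FortiInsight's implementation or export format: the record fields (`id`, `ts`, `user`, `rule`), the two-minute grouping gap and the `items_around` / `group_similar` functions are assumptions chosen to illustrate the idea.

```python
from datetime import datetime, timedelta
from itertools import groupby

# Constructed alert records; the shape is an assumption, not FortiInsight's export format.
ALERTS = [
    {"id": 1, "ts": "2024-03-01T09:15:02", "user": "alice", "rule": "Sensitive share access"},
    {"id": 2, "ts": "2024-03-01T09:15:40", "user": "alice", "rule": "Sensitive share access"},
    {"id": 3, "ts": "2024-03-01T09:16:10", "user": "alice", "rule": "Sensitive share access"},
    {"id": 4, "ts": "2024-03-01T09:19:30", "user": "bob",   "rule": "USB device inserted"},
    {"id": 5, "ts": "2024-03-01T09:23:00", "user": "alice", "rule": "Sensitive share access"},
    {"id": 6, "ts": "2024-03-01T11:02:15", "user": "alice", "rule": "Sensitive share access"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def items_around(alerts, selected_id, radius=timedelta(minutes=5)):
    """Alerts within +/- radius of the selected alert's timestamp (the selected alert included)."""
    centre = next(parse_ts(a["ts"]) for a in alerts if a["id"] == selected_id)
    return [a for a in alerts if abs(parse_ts(a["ts"]) - centre) <= radius]


def group_similar(alerts, gap=timedelta(minutes=2)):
    """Collapse alerts with the same user and rule into one group while each follows the
    previous one within `gap`; a longer pause starts a new group."""
    groups = []
    ordered = sorted(alerts, key=lambda a: (a["user"], a["rule"], parse_ts(a["ts"])))
    for _key, members in groupby(ordered, key=lambda a: (a["user"], a["rule"])):
        current = []
        for a in members:
            if current and parse_ts(a["ts"]) - parse_ts(current[-1]["ts"]) > gap:
                groups.append(current)
                current = []
            current.append(a)
        groups.append(current)
    return groups


def summarize(group):
    """One-line view of a group, the way a collapsed row would read before clicking to expand."""
    first, last = group[0]["ts"], group[-1]["ts"]
    return f'{group[0]["user"]} / {group[0]["rule"]} x{len(group)} ({first} .. {last})'


if __name__ == "__main__":
    print("Grouped view:")
    for g in group_similar(ALERTS):
        print("  " + summarize(g))
    print("Items around alert 4:")
    for a in items_around(ALERTS, 4):
        print("  ", a)
```

With these records, alice's three accesses at 09:15 to 09:16 collapse into a single row, while the one at 09:23 and the one at 11:02 stay separate because of the gap. Selecting bob's USB alert (09:19:30) and asking for items around that time returns every alert between 09:14:30 and 09:24:30, which is exactly the correlation the page describes: a removable-media event sitting in the middle of a burst of sensitive-share reads is worth a closer look than either alert on its own.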

Alert details

To drill down into further details about alerts, click on an alert. You can see a high-level overview of the alert. You can see more details about the individual events that make up the alert under Events within this Alert.

From here, you can choose to start an investigation based on this alert, or add the alert to an existing investigation.

The following image shows the investigation options.

To get more context on an alert, right-click an element of an alert and select Threat Hunt. This action takes you to the Threat Hunting page where you can view more information.

To export alerts, click Export to CSV.
