Fortinet black logo

Administration Guide

Home FortiInsight Cloud 21.2.0 Administration Guide
21.2.0
21.2.0
21.1.0
6.4.0
6.2.0
6.0.0
5.6.0
5.4.0

User Timeline

User Timeline

The User Timeline allows you to view alerts, and select events across a timeline. This view collates multiple sources of data into a single timeline so you can see all information on the specific user. For instance, in one view you can see AI alerts, Policy alerts, Event information summaries - including applications, files, activities and user log-on, log-offs.

The User Timeline can be accessed via the context menu, where FortiInsight provided helpers, like add direct to search, exclude and so on. Right click on the user element, i.e. User, Username columns in tables or summary tabs.

Threat Hunting Live Table

The following image shows where to right click and how to pull up the User Timeline.

The following image shows the User Timeline.

Click into the Timeline element to display more information. It will give you two types of information: Alerts, for AI or Policy, and data for events. The following image shows that all applications in the event have used explorer.exe.

Previous
Next

User Timeline

The User Timeline allows you to view alerts, and select events across a timeline. This view collates multiple sources of data into a single timeline so you can see all information on the specific user. For instance, in one view you can see AI alerts, Policy alerts, Event information summaries - including applications, files, activities and user log-on, log-offs.

The User Timeline can be accessed via the context menu, where FortiInsight provided helpers, like add direct to search, exclude and so on. Right click on the user element, i.e. User, Username columns in tables or summary tabs.

Threat Hunting Live Table

The following image shows where to right click and how to pull up the User Timeline.

The following image shows the User Timeline.

Click into the Timeline element to display more information. It will give you two types of information: Alerts, for AI or Policy, and data for events. The following image shows that all applications in the event have used explorer.exe.

Previous
Next