Dashboard

The FortiInsight dashboards provide an overview of the activity happening across your organization's environment over various time ranges. These dashboards are accessed through the Dashboards drop-down menu. There are six dashboards: one configurable Custom dashboard and five pre-defined dashboards (Forensic Activity, Alerts, Data Flow, Applications, and Notable Users).

Each dashboard contains a variety of widgets that provide information about events, users, and alerts.

Dashboard Controls

To export a custom or pre-defined dashboard, select the Export button. This downloads the dashboard, plus all widgets currently available, in JSON format. You can then share this file with other analysts, who can Import from the locally generated JSON file.

To change the timespan of the dashboard, click the Timespan dropdown. The supported relative time selections are: 30 minutes, 1 hour, 6 hours, 1 day, 1 week, 2 weeks, 1 month, 3 months, and All time.

Selecting the refresh icon refreshes all widgets in the dashboard, changing the relative time to now.

On pre-defined dashboards, as well as export, there is also the option to update your current custom dashboard to be the selected pre-defined one.

Custom Dashboard

The Custom dashboard consists of configurable widgets that you can build and modify to display the summary data you desire. You can add, remove, resize, and move around the widgets to create your own custom dashboard display.

The following image shows some examples of widgets:

Widget Types

To create a new widget, click New, name the widget, and select the type, data source, and field.

| Widget Type | Description |
| --- | --- |
| Unique Count | Metric type, providing the count of unique values of the selected data field. |
| Top N Table | Creates a bar chart, with a max of N records. |
| Series Over Time | Creates a line graph. |
| Stacked Bar Over Time | Creates a stacked bar graph using the values from the data field. |
| Top 100 Pie Chart | Creates a pie chart. |

The following image shows an example of the new widget window:

Filtering Widgets

To further refine the data that is displayed in the widgets, use the Add Search Filter option. The filter option works in the same way as the search bar.

The following shows an example of Top event activities filtered to the group name users.

Widget Controls

There are some basic controls for managing your widgets on custom dashboards. These include:

  • Settings: Provides access to the following, in the order seen below.

    1. Edit: Edit the metadata around your widget, updating its type, data source and field selections. For the Top N widget, you can also control the number of records to display.
    2. Clone: Clone a widget into your custom dashboard, to help create widgets from templates of existing ones.
    3. Export: Export individual widgets to share them with other analysts.
    4. Linear/Log: Provided on any chart type widget (Line, Stacked or Column) to update the view to a linear or logarithmic scale.
    5. Remove: Remove this widget from the dashboard.
  • Enlarge: Scales the widget to full screen, providing you with a larger view to investigate the data.
  • Go To: Go directly to the data source, pre-filling the search filter provided and the timespan selected.

Forensic Activity Dashboard

The Forensic Activity dashboard provides an overview of all activity recorded by FortiInsight, including the following:

  • Top 10 endpoints, users, applications, files, folders, and activities
  • Lists of the most common applications and users

The following image shows an example of the Forensic Activity dashboard:

Alerts Dashboard

The Alerts dashboard provides an overview of all alerts that have been triggered by policy breaches, including the following:

  • The number of users who have breached policies.
  • The number of policies that were breached.
  • The number of critical policies that were breached (policies with a severity level of 60 and above).
  • A breakdown of the number of alerts generated by each policy, or associated with specific tags.

The following image shows an example of the Alerts dashboard:

Data Flow Dashboard

The Data Flow dashboard gives an overview of the following:

  • The amount of data that has been transferred into and out of your organization's network, including the users responsible and the countries involved.
  • A breakdown of the most common file extensions. This information gives you an idea of what types of data are being transferred.
  • A daily breakdown of data transfer.

The following image shows an example of the Data Flow dashboard:

Applications Dashboard

The Applications dashboard provides an overview of the key categories of applications that have been seen in your network.

The following image shows an example of the Applications dashboard:

Notable Users Dashboard

The Notable Users dashboard provides an easy way to collate the riskiest users into a single dashboard. The dropdown lists the users who have fired either a High severity Policy or AI Alert, ordered by the most occurrences.

Select the dropdown to change which user you are currently focussing on.

Once a user is selected, the dashboard refreshes automatically, providing you with the following across your chosen timespan:

  • A trend of all Policy Alerts, stacked by severity.
  • A trend of all Anomalies, stacked by severity.
  • The top high policies that have been associated with the user.
  • The top tags associated with the user.
  • Unique counts of:

    1. Activities
    2. Applications
    3. Endpoints
    4. Files Used
    5. Folders Accessed
    6. Extensions used

The following image shows an example of the Notable Users Dashboard.
