Administration Guide

Security summary

This dashboard panel displays a table of information about incoming security events that satisfied a security trigger, and the alarms that were created.

Overview

The Overview tab displays general statistics about security events and alarms that were generated, as well as the number of hosts that were isolated and/or remediated as a result of actions taken based on the security alarms.

Field

Definition

Total Security Events

The number of valid security events received during the specified time period. (Valid security events must have a Source IP Address.)

Security Events Discarded

The number of security events that were not recorded during the specified time period because there were no enabled Security Triggers that matched the event.

Security Events with Known Hosts

The number of security events recorded during the specified time period that have a valid Source MAC (i.e., the server was able to resolve the Source IP to a MAC Address).

Security Events with Unknown Hosts

The number of security events recorded during the specified time period that have no Source MAC (i.e., the server was not able to resolve the Source IP to a MAC Address).

Security Events Used for Alarms

The number of security events recorded during the specified time period that were used to generate alarms.

Security Alarms Generated

The number of security alarms generated during the specified time period.

Unique Hosts Generating Security Alarms

The number of different hosts that generated security alarms during the specified time period.

Security Alarms with Actions Not Taken

The number of security alarms generated during the specified time period for which the corresponding action was not taken.

Click the number of security alarms to view the alarms in Security Alarms view.

Security Alarms with Actions Taken

The number of security alarms generated during the specified time period for which the corresponding alarm action was taken.

Click the number of security alarms to view the alarms in Security Alarms view.

Security Alarms with Actions Taken and Undone

The number of security alarms generated during the specified time period for which the corresponding alarm action was both taken and undone.

Click the number of security alarms to view the alarms in Security Alarms view.

Hosts Isolated

The number of hosts which have been isolated as the result of a security alarm generated during the specified time period.

Click the number of hosts to display the hosts which were isolated. Note that the list only shows hosts that are still being managed by FortiNAC.

Hosts Remediated

The number of hosts which have been remediated as the result of a security alarm generated during the specified time period.

Click the number of hosts to display the hosts which were remediated. Note that the list only shows hosts that are still being managed by FortiNAC.

Alarms

The Alarms tab displays up to 20 of the most frequent security alarms that occurred during the selected time period.

Field

Definition

Matching Rule

The security rule that was satisfied and that triggered the security alarm(s).

Total Alarms

The total number of security alarms that were triggered by the security rule.

Show Hosts

Opens a dialog showing the details of each host that generated the security alarm. You can also access the Host View from the Show Hosts dialog. See Host view.

Events

The Events tab displays up to 20 of the most frequent or least frequent security events that occurred during the selected time period.

The Top Hosts Generating Security Events section displays up to 20 hosts that have generated the most security events during the selected time period.

Field

Definition

Total Security Events Recorded

The total number of security events that occurred during the selected time period.

Show Top/Bottom Events

Click Show Top Events to display the most frequently occurring security events during the selected time period.

Click Show Bottom Events to display the least frequently occurring security events during the selected time period.

Top security events

Event Severity

Enables you to display security events by severity level. Select All, Critical, High, Medium, or Low.

Event Description

A description of the security event. Click the description to view more information about the security event in Security Events view.

Total Events

The total number of each type of security event that occurred during the specified time period.

The percentage of Total Security Events Recorded that this security event type accounts for is also displayed.

Top hosts generating security events

Event Severity

Enables you to display security events by severity level. Select All, Critical, High, Medium, or Low.

Host Name

The name of the host that generated the security event. Click the host name to view details of the host in Host View.

User Name

The name of the logged-on user for the host.

Operating System

The operating system of the host.

Total Events

The total number of security events generated by the host that occurred during the specified time period.

The percentage of Total Security Events Recorded that the security events generated by the host account for is also displayed.
