Security summary
This dashboard panel displays a table of information about incoming security events that satisfied a security trigger, and the alarms that were created.
Overview
The Overview tab displays general statistics about security events and alarms that were generated, as well as the number of hosts that were isolated and/or remediated as a result of actions taken based on the security alarms.
Field | Definition |
---|---|
Total Security Events | The number of valid security events received during the specified time period. (Valid security events must have a Source IP Address.) |
Security Events Discarded | The number of security events that were not recorded during the specified time period because there were no enabled Security Triggers that matched the event. |
Security Events with Known Hosts | The number of security events recorded during the specified time period that have a valid Source MAC (i.e., the server was able to resolve the Source IP to a MAC Address). |
Security Events with Unknown Hosts | The number of security events recorded during the specified time period that have no Source MAC (i.e., the server was not able to resolve the Source IP to a MAC Address). |
Security Events Used for Alarms | The number of security events recorded during the specified time period that were used to generate alarms. |
Security Alarms Generated | The number of security alarms generated during the specified time period. |
Unique Hosts Generating Security Alarms | The number of different hosts that generated security alarms during the specified time period. |
Security Alarms with Actions Not Taken | The number of security alarms generated during the specified time period for which the corresponding action was not taken. Click the number of security alarms to view the alarms in Security Alarms view. |
Security Alarms with Actions Taken | The number of security alarms generated during the specified time period for which the corresponding alarm action was taken. Click the number of security alarms to view the alarms in Security Alarms view. |
Security Alarms with Actions Taken and Undone | The number of security alarms generated during the specified time period for which the corresponding alarm action was both taken and undone. Click the number of security alarms to view the alarms in Security Alarms view. |
Hosts Isolated | The number of hosts which have been isolated as the result of a security alarm generated during the specified time period. Click the number of hosts to display the hosts which were isolated. Note that the list only shows hosts that are still being managed by FortiNAC. |
Hosts Remediated | The number of hosts which have been remediated as the result of a security alarm generated during the specified time period. Click the number of hosts to display the hosts which were remediated. Note that the list only shows hosts that are still being managed by FortiNAC. |
Alarms
The Alarms tab displays up to 20 of the most frequent security alarms that occurred during the selected time period.
Field | Definition |
---|---|
Matching Rule | The security rule that was satisfied, triggering the security alarm(s). |
Total Alarms | The total number of security alarms that were triggered by the security rule. |
Show Hosts | Opens a dialog showing the details of each host that generated the security alarm. You can also access the Host View from the Show Hosts dialog. See Host view. |
Events
The Events tab displays up to 20 of the most frequent or least frequent security events that occurred during the selected time period.
The Top Hosts Generating Security Events section displays up to 20 hosts that have generated the most security events during the selected time period.
Field | Definition |
---|---|
Total Security Events Recorded | The total number of security events that occurred during the selected time period. |
Show Top/Bottom Events | Click Show Top Events to display the most frequently occurring security events during the selected time period. Click Show Bottom Events to display the least frequently occurring security events during the selected time period. |
Event Severity | Enables you to display security events by severity level. Select All, Critical, High, Medium, or Low. |
Event Description | A description of the security event. Click the description to view more information about the security event in Security Events view. |
Total Events | The total number of each type of security event that occurred during the specified time period. The percentage of Total Security Events Recorded that the security event type represents is also displayed. |
Event Severity | Enables you to display security events by severity level. Select All, Critical, High, Medium, or Low. |
Host Name | The name of the host that generated the security event. Click the host name to view details of the host in Host View. |
User Name | The name of the logged-on user for the host. |
Operating System | The operating system of the host. |
Total Events | The total number of security events generated by the host that occurred during the specified time period. The percentage of Total Security Events Recorded that the host's security events represent is also displayed. |