Security events
Security events displays all incoming security events to FortiNAC that satisfy a security trigger. FortiNAC automatically reviews all security rules for each event. When an event satisfies a trigger associated with a rule, an alarm is created.
You can also create an event rule based on one or more security events in the list.
To view security events, go to Logs > Security Incidents > Events.
Settings
The fields listed in the table below are displayed in columns on the Security Events view based on the selections you make in the Settings window.
Field | Definition |
---|---|
Add Filter | Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter. See Filters. |
Update | Displays the filtered data in the table. |
Pause | Allows the user to pause the Security Event view from updating with new events so specific events can be viewed more easily. |
Events | |
Event Date | The date when the event was received. |
Source IP | The IP address of the host that triggered the event. |
Source MAC | The MAC address of the host that triggered the event. |
Destination IP | The IP address of the host or device the source host was communicating with. |
Alert Type | The type of security event that was received. |
Subtype | The subtype of the security event. |
Severity | The severity of the event reported by the security appliance. |
Threat ID | A unique identifying code supplied by the vendor for the specific type of threat or event that occurred. |
Event Description | A description of the event supplied by the security appliance. |
Location | The location of the source host on the network. For example, this could be the SSID the host is connected to wirelessly, or the port the host is plugged into on a switch. |
Buttons | |
Export | Use the Export option to export a list of selected hosts to CSV, Excel, PDF, or RTF formats. |
Options | Options displays the same series of menu picks displayed when the right-mouse button is clicked on a selected alarm. |
View Details | Displays the details of the security event. |
View Host | Opens the Modify Host window to view and update the details of the host associated with the selected security event. |
Right-click options | |
View Details | Displays the details of the security event. |
View Host | Opens the Modify Host window to view and update the details of the host associated with the selected security event. |
View in Host View | Opens the host in Host View. |
Create Event Rule | Allows the user to create a rule based on the selected events. |
Add an event rule from security events
You can create security event rules directly from the Security Event view, which lets you build security rules from security events as the events occur.
- Click Logs > Security Incidents > Events.
- Use the filters to locate the appropriate event.
- Select the event(s) you wish to use to create the rule. You can select multiple events at a time.
- Right-click and select Create Event Rule.
- Select the field(s) from the Available Fields column, and then click the right-arrow to add the fields to the Selected Fields column.
- Click OK.
- The Add Security Trigger window appears. The selected fields populate the trigger filter fields.
- Add the details of the trigger. See .
- Click OK.
- The Add Security Rule window appears.
- Add the details of the security rule. See .
The security rule is added to the list of rules in the Security Rules view.