Fortinet white logo
Fortinet white logo

Administration Guide

Application view

Application view

The application view is part of a window that includes menu options for users, adapters, hosts, and applications.

Applications for scanned hosts connected to your network appear in the application view. As hosts are scanned, the list of applications is updated.

You may not have access to all of the fields listed in this table. Access depends on the type of license key installed and which features are enabled in that license.

The fields listed in the table below are displayed in columns on the application view based on the selections you make in the Settings window. See Configure table columns and tooltips. Most of these fields are also used in custom filters.

Settings

Field

Definition

Add Filter

Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter. Options include:

  • Name
  • OS
  • OS Version
  • Package Name
  • Source
  • Threat Override. Select Trusted or Untrusted. For Security Incidents only.
  • Threat Score (Security Incidents only) - Enter a single number or a range of numbers
    (e.g., 8-10)
  • Vendor
  • Version

See Filters.

Update

Displays the filtered data in the table.

Security events

Name

The name of the application.

Threat Score

The threat score assigned to the application.

Note

This field appears only when the Security Incidents license is enabled. You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

Version

The version of the application being scanned. (This information may not be available.)

Vendor

The name of the vendor providing the application. (This information may not be available.)

Operating System

The operating system of the device containing the application.

Operating System
Version

The operating system version for the device. (This information may not be available.)

Source

The agent that is used to scan the application.

Threat Override

Indicates whether an application as Trusted or Untrusted according to the threat score.

This field appears only when the Security Incidents license is enabled. You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

Package Name

The namespace in which the application is run. (This information may not be available.)

Submit Date

The date when the application was last submitted to a Threat Analysis Engine.

Note

This field appears only when the Security Incidents license is enabled.

Host Count

The number of hosts that have the application.

Buttons

Export

The Export option allows you to export a list of selected applications to CSV, Excel, PDF, or RTF formats.

Options

Displays the same series of menu picks displayed when the right-mouse button is clicked on a selected user.

Show Hosts

Opens the Host View, displaying the host(s) containing the application. Users can also right-click in the Applications table to access this option.

Delete

Deletes the selected application. Users can also right-click in the Applications table to access this option.

Rescan

Rescans the selected application for threat analysis. Users can also right-click in the Applications table to access this option.

Note

This field appears only when the Security Incidents license is enabled.

Set Threat Override

Marks an application as Trusted or Untrusted, overriding the existing threat score. The original threat score is not changed, and the override may be set back to "none". Users can also right-click in the Applications table to access this option.

This option appears only when the Security Incidents license is enabled. You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

Show the host(s) containing an application

  1. Select Users & Hosts > Applications.
  2. Select an application in the table and click Show Hosts, or right-click an application and select Show Hosts from the menu.

The Host View is displayed showing the host(s) that contain the application.

Set the threat override for an application

Set threat override lets users mark an application as trusted or untrusted, overriding the existing threat score. The original threat score is not changed, and the override may be set back to "none".

You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

  1. Select Users & Hosts > Applications.
  2. Select an application in the table and click Set Threat Override, or right-click an application and select Set Threat Override from the menu.
  3. Select Trusted or Untrusted from the drop-down menu.
  4. Click OK.

Application view

Application view

The application view is part of a window that includes menu options for users, adapters, hosts, and applications.

Applications for scanned hosts connected to your network appear in the application view. As hosts are scanned, the list of applications is updated.

You may not have access to all of the fields listed in this table. Access depends on the type of license key installed and which features are enabled in that license.

The fields listed in the table below are displayed in columns on the application view based on the selections you make in the Settings window. See Configure table columns and tooltips. Most of these fields are also used in custom filters.

Settings

Field

Definition

Add Filter

Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter. Options include:

  • Name
  • OS
  • OS Version
  • Package Name
  • Source
  • Threat Override. Select Trusted or Untrusted. For Security Incidents only.
  • Threat Score (Security Incidents only) - Enter a single number or a range of numbers
    (e.g., 8-10)
  • Vendor
  • Version

See Filters.

Update

Displays the filtered data in the table.

Security events

Name

The name of the application.

Threat Score

The threat score assigned to the application.

Note

This field appears only when the Security Incidents license is enabled. You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

Version

The version of the application being scanned. (This information may not be available.)

Vendor

The name of the vendor providing the application. (This information may not be available.)

Operating System

The operating system of the device containing the application.

Operating System
Version

The operating system version for the device. (This information may not be available.)

Source

The agent that is used to scan the application.

Threat Override

Indicates whether an application as Trusted or Untrusted according to the threat score.

This field appears only when the Security Incidents license is enabled. You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

Package Name

The namespace in which the application is run. (This information may not be available.)

Submit Date

The date when the application was last submitted to a Threat Analysis Engine.

Note

This field appears only when the Security Incidents license is enabled.

Host Count

The number of hosts that have the application.

Buttons

Export

The Export option allows you to export a list of selected applications to CSV, Excel, PDF, or RTF formats.

Options

Displays the same series of menu picks displayed when the right-mouse button is clicked on a selected user.

Show Hosts

Opens the Host View, displaying the host(s) containing the application. Users can also right-click in the Applications table to access this option.

Delete

Deletes the selected application. Users can also right-click in the Applications table to access this option.

Rescan

Rescans the selected application for threat analysis. Users can also right-click in the Applications table to access this option.

Note

This field appears only when the Security Incidents license is enabled.

Set Threat Override

Marks an application as Trusted or Untrusted, overriding the existing threat score. The original threat score is not changed, and the override may be set back to "none". Users can also right-click in the Applications table to access this option.

This option appears only when the Security Incidents license is enabled. You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

Show the host(s) containing an application

  1. Select Users & Hosts > Applications.
  2. Select an application in the table and click Show Hosts, or right-click an application and select Show Hosts from the menu.

The Host View is displayed showing the host(s) that contain the application.

Set the threat override for an application

Set threat override lets users mark an application as trusted or untrusted, overriding the existing threat score. The original threat score is not changed, and the override may be set back to "none".

You must have Security Incidents enabled in your licensing package in order to use Security Incidents features.

  1. Select Users & Hosts > Applications.
  2. Select an application in the table and click Set Threat Override, or right-click an application and select Set Threat Override from the menu.
  3. Select Trusted or Untrusted from the drop-down menu.
  4. Click OK.