Fortinet white logo
Fortinet white logo

User Guide

Nodes

Nodes

You can hover over all the nodes in the Visualizer to view summary information about a rule, device, indicator or connector line. Click a node to open the Quick View panel on the right side of the page. Right-click a node to open a context menu.

Detector nodes

Hover over a detector node to view related information about the detection such as the detector's Category, Severity, Confidence rating as well as the number of Active and Resolved Detections. The detector and its impacted devices are also highlighted.

Device nodes

Hover over a device node, to view the device IP address. If you hover over a device group, the list of IP addresses is shown. The device group and related detections will be highlighted.

Right-click a device node to show/hide the label or the node, add an annotation, or mute the device

Indicator node

Hover over an indicator node to view the indicator and to highlight related detections and devices.

Right-click an Indicator node to show/hide the label or the node, or add an annotation.

Connector lines

Hover over the connector lines to view summary information pertaining to what the line connects, such as the indicators, device IPs, and/or detections. Related devices, detections, or indicators will be highlighted.

Right-click a connector line to resolve the detection or mute the device for that detector. If any node is a group or can be grouped, you will have an option to Expand (ungroup) or Collapse (regroup) the set of nodes.

Quick views

Click a node in the Visualizer to open the Quick View panel at the right side of the screen. Quick Views display summary information as well as a series of detail-view options and actions. The available options and actions will vary depending on the type of node selected.

2021.6-viz-device-quickview

Summary

Provides a summary of the detection and corresponding devices along with options to access further details:

Software

Displays the Version, Events, First Seen and Last Seen for the software detected on the device.

Indicators

Displays the Indicators list.

Accounts

Displays the Account, User, First Seen, Last Seen and Service detected on the device.

DHCP

Displays the Dynamic Host Configuration Protocol.

Detections

Shows a list of detections, each citing the date and time it was last seen and the impacted account;

  • Click an item to open the detector view

  • Click the options drop-down on an item to resolve the detection or mute the device for the specified detector or account

PDNS

Displays the Passive DNS/

Query

Displays the query.

Virus Total

Displays the total number of viruses detected.

WHOIS

Provides registered domain information.

Nodes

Nodes

You can hover over all the nodes in the Visualizer to view summary information about a rule, device, indicator or connector line. Click a node to open the Quick View panel on the right side of the page. Right-click a node to open a context menu.

Detector nodes

Hover over a detector node to view related information about the detection such as the detector's Category, Severity, Confidence rating as well as the number of Active and Resolved Detections. The detector and its impacted devices are also highlighted.

Device nodes

Hover over a device node, to view the device IP address. If you hover over a device group, the list of IP addresses is shown. The device group and related detections will be highlighted.

Right-click a device node to show/hide the label or the node, add an annotation, or mute the device

Indicator node

Hover over an indicator node to view the indicator and to highlight related detections and devices.

Right-click an Indicator node to show/hide the label or the node, or add an annotation.

Connector lines

Hover over the connector lines to view summary information pertaining to what the line connects, such as the indicators, device IPs, and/or detections. Related devices, detections, or indicators will be highlighted.

Right-click a connector line to resolve the detection or mute the device for that detector. If any node is a group or can be grouped, you will have an option to Expand (ungroup) or Collapse (regroup) the set of nodes.

Quick views

Click a node in the Visualizer to open the Quick View panel at the right side of the screen. Quick Views display summary information as well as a series of detail-view options and actions. The available options and actions will vary depending on the type of node selected.

2021.6-viz-device-quickview

Summary

Provides a summary of the detection and corresponding devices along with options to access further details:

Software

Displays the Version, Events, First Seen and Last Seen for the software detected on the device.

Indicators

Displays the Indicators list.

Accounts

Displays the Account, User, First Seen, Last Seen and Service detected on the device.

DHCP

Displays the Dynamic Host Configuration Protocol.

Detections

Shows a list of detections, each citing the date and time it was last seen and the impacted account;

  • Click an item to open the detector view

  • Click the options drop-down on an item to resolve the detection or mute the device for the specified detector or account

PDNS

Displays the Passive DNS/

Query

Displays the query.

Virus Total

Displays the total number of viruses detected.

WHOIS

Provides registered domain information.