Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    2024.7.0
    2024.10.0
    2024.9.0
    2024.7.0

    Viewing investigation details

    Viewing investigation details

    To view the investigation details.

    1. Go to Investigations, and click an investigation name.

    2. Click an investigation name. The investigations details page displays the following information:

      • Investigation Creator
      • Link to single or multiple related detections
      • IQL query
      • Notes (if any)
      • Date/time the query was added
      • Number of events (if complete)
      • Executed Playbooks that are part of that investigation
      • Close date (if investigation was closed)

      Related Detections

      Tooltip

      If the investigation contains more than one related detection, the MORE>> link appears. You can click the link to view all the related detections.

    Query Status Icons

    Query Status Icon 2

    Query completed successfully. Results (if any) are available.

    Query Status Running

    Query is currently running.

    Query Status Running

    Query is queued to run. It will run automatically when resources are available.

    Query Status Running

    Query failed due to an internal error. If problem persists, please contact Fortinet support.

    You can click any related detections name to view detection details.

    Related Detections 2

    View results

    Click the View Results to view the following information:

    • IQL Query string

    • Date Range

    • Number of events

    • A table of the events where you can:

      • Click on column filter to change the visible columns in the way that the current event search does including column visibility sets.

      • Click the CSV button to export the results as a CSV file

    Tooltip

    Hold down the Shift key and use the scroll wheel on your mouse to quickly scroll through the column headings.

    Investigation Results

    Previous
    Next

    Viewing investigation details

    Viewing investigation details

    To view the investigation details.

    1. Go to Investigations, and click an investigation name.

    2. Click an investigation name. The investigations details page displays the following information:

      • Investigation Creator
      • Link to single or multiple related detections
      • IQL query
      • Notes (if any)
      • Date/time the query was added
      • Number of events (if complete)
      • Executed Playbooks that are part of that investigation
      • Close date (if investigation was closed)

      Related Detections

      Tooltip

      If the investigation contains more than one related detection, the MORE>> link appears. You can click the link to view all the related detections.

    Query Status Icons

    Query Status Icon 2

    Query completed successfully. Results (if any) are available.

    Query Status Running

    Query is currently running.

    Query Status Running

    Query is queued to run. It will run automatically when resources are available.

    Query Status Running

    Query failed due to an internal error. If problem persists, please contact Fortinet support.

    You can click any related detections name to view detection details.

    Related Detections 2

    View results

    Click the View Results to view the following information:

    • IQL Query string

    • Date Range

    • Number of events

    • A table of the events where you can:

      • Click on column filter to change the visible columns in the way that the current event search does including column visibility sets.

      • Click the CSV button to export the results as a CSV file

    Tooltip

    Hold down the Shift key and use the scroll wheel on your mouse to quickly scroll through the column headings.

    Investigation Results

    Previous
    Next