Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    2024.9.0
    2024.10.0
    2024.9.0
    2024.7.0

    Assigning detections

    Assigning detections

    You can assign an active detection to any active user with any role in the current account from the Detections Table, Triage Device, and the Triage Rules pages.

    Assigning detections from the Detections Table

    To assign a detection from the Detections Table:
    1. Go to Detections > Detections Table.
    2. Click the Actions menu at the right side of the page and select Assign Detection. The Assign dialog opens.

    3. From the Assignee dropdown, select a user from the list. You have the option of assigning the detection to yourself.
    4. (Optional) Enter a comment in the Comments field.
    5. Click Confirm. A confirmation appears at the top of the page.
    To bulk assign detections:
    1. Go to Detections > Detections Table.
    2. Select the detections you want to assign. The Tools menu appears.
    3. Select Assign <#> Detections. The Assign dialog opens.

    4. From the Assignee dropdown, select a user from the list. You have the option of assigning the detection to yourself.
    5. (Optional) Enter a comment in the Comments field.
    6. Click Confirm. A confirmation appears at the top of the page.
    To unassign detections:
    1. Go to Detections > Detections Table.
    2. Click the Actions menu at the right side of the page and select Assign Detection. The Assign dialog opens.
    3. From the Assignee dropdown, select Unassigned.
    4. (Optional) Enter a comment in the Comments field.
    5. Click Confirm. A confirmation appears at the top of the page.

    Assigning detections from the Triage Devices page

    To assign detections from the Triage Device page:
    1. Go to Detections > Triage Devices
    2. In the Impacted Devices pane, select a device.
    3. In the detections table at the bottom of the page, scroll to the Detection Rule column and click a rule.

    4. At the bottom of the page, click Assign Detection. The Assign dialog opens.

    5. From the Assignee dropdown, select Unassigned.
    6. (Optional) Enter a comment in the Comments field.
    7. Click Confirm. A confirmation appears at the top of the page.

    Assigning detections from the Triage Rules page

    To assign a detection from the Triage Rules page:
    1. Go to Detections > Triage Rules. The Triage Rules page opens.
    2. Open a rule in the list.
    3. Click the Actions menu at the right side of the page and select Assign Detection. The Assign dialog opens.

    4. From the Assignee dropdown, select a user from the list. You have the option of assigning the detection to yourself.
    5. (Optional) Enter a comment in the Comments field.
    6. Click Confirm. A confirmation appears at the top of the page.

    Viewing assigned detections

    Detections Table

    The Detections Table contains four columns with assignment information:

    Assigned Comment Notes about the detection to the assignee.
    Assignee The name of the user assigned to the detection.
    Current Assign Time The date and time the assignment was updated.
    Initial Assign Time The date and time the detection was assigned.

    You can also use the filter to show Assigned and Unassigned detections.

    Triage Rules and Triage Devices

    The Assigned Comment, Assignee, Current Assign Time and Initial Assign Time columns appear in the detections table of the Triage Rules and Triage Devices pages. To filter the table, use the Assigned, Unassiagned and Assigned to filters at the top of the table.

    Previous
    Next

    Assigning detections

    Assigning detections

    You can assign an active detection to any active user with any role in the current account from the Detections Table, Triage Device, and the Triage Rules pages.

    Assigning detections from the Detections Table

    To assign a detection from the Detections Table:
    1. Go to Detections > Detections Table.
    2. Click the Actions menu at the right side of the page and select Assign Detection. The Assign dialog opens.

    3. From the Assignee dropdown, select a user from the list. You have the option of assigning the detection to yourself.
    4. (Optional) Enter a comment in the Comments field.
    5. Click Confirm. A confirmation appears at the top of the page.
    To bulk assign detections:
    1. Go to Detections > Detections Table.
    2. Select the detections you want to assign. The Tools menu appears.
    3. Select Assign <#> Detections. The Assign dialog opens.

    4. From the Assignee dropdown, select a user from the list. You have the option of assigning the detection to yourself.
    5. (Optional) Enter a comment in the Comments field.
    6. Click Confirm. A confirmation appears at the top of the page.
    To unassign detections:
    1. Go to Detections > Detections Table.
    2. Click the Actions menu at the right side of the page and select Assign Detection. The Assign dialog opens.
    3. From the Assignee dropdown, select Unassigned.
    4. (Optional) Enter a comment in the Comments field.
    5. Click Confirm. A confirmation appears at the top of the page.

    Assigning detections from the Triage Devices page

    To assign detections from the Triage Device page:
    1. Go to Detections > Triage Devices
    2. In the Impacted Devices pane, select a device.
    3. In the detections table at the bottom of the page, scroll to the Detection Rule column and click a rule.

    4. At the bottom of the page, click Assign Detection. The Assign dialog opens.

    5. From the Assignee dropdown, select Unassigned.
    6. (Optional) Enter a comment in the Comments field.
    7. Click Confirm. A confirmation appears at the top of the page.

    Assigning detections from the Triage Rules page

    To assign a detection from the Triage Rules page:
    1. Go to Detections > Triage Rules. The Triage Rules page opens.
    2. Open a rule in the list.
    3. Click the Actions menu at the right side of the page and select Assign Detection. The Assign dialog opens.

    4. From the Assignee dropdown, select a user from the list. You have the option of assigning the detection to yourself.
    5. (Optional) Enter a comment in the Comments field.
    6. Click Confirm. A confirmation appears at the top of the page.

    Viewing assigned detections

    Detections Table

    The Detections Table contains four columns with assignment information:

    Assigned Comment Notes about the detection to the assignee.
    Assignee The name of the user assigned to the detection.
    Current Assign Time The date and time the assignment was updated.
    Initial Assign Time The date and time the detection was assigned.

    You can also use the filter to show Assigned and Unassigned detections.

    Triage Rules and Triage Devices

    The Assigned Comment, Assignee, Current Assign Time and Initial Assign Time columns appear in the detections table of the Triage Rules and Triage Devices pages. To filter the table, use the Assigned, Unassiagned and Assigned to filters at the top of the table.

    Previous
    Next