User Guide

Default dashboard

The default dashboard includes five widgets, most of which are focused on detection activity. You can use the dashboard as both an analytical and operational tool to view and act on the most important threats on your system.

Widget

Description

MITRE ATT&CK

Detections are organized based on the MITRE ATT&CK® framework.

  • There are two bars for every detection activity:

    • The left bar shows detections from the previous time period.

    • The right bar shows detections from the current time period.

  • The column names may differ depending on the coverage on each account.

  • Click the dates at the top of the widget to filter the chart by the previous and current weeks.

  • Hover over the bars in the chart to view the discover counts.

  • Click the bars in the chart to open the Detections Table. See Detections Table.

Observation

The Observations widget shows all of the observation counts for the current week in descending order as a scrollable table. The number of observations is displayed next to Observation Title.

  • You can click the Observation Title to pivot to the observation detail page.
  • Click the column headers to sort the table.
  • Hover over the data points in the graph to view detailed information about the observation.

To filter the items in the widget:

  • Click Hide All Graphs and then click the toggle next to the observation you want to see.
  • Use the Confidence dropdown to filter observations based on the confidence level (All, High, Moderate or Low).

Notable Detection Rules

Highlights active rules with the highest severity and detection count.

Investigations

Highlights investigations with the most recent activity.

  • The table is sorted by Last Modified. Any investigations that are modified appear at the top.

  • Click Investigations to open the Investigations page. See Investigations.

  • Click an investigation name to open the Investigation Details page.

  • Hover over Last Modified By or Name to view more information.

Resolved Detections

Displays daily resolved detection counts over time to highlight changes in activity (Total, Average and Maximum).

You can click a data point in the chart or the Total detections to view the resolved detections in the Detections Table.
