Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    2024.9.0
    2024.10.0
    2024.9.0
    2024.7.0

    Filtering the Visualizer

    Filtering the Visualizer

    Use the filters at the top of the visualizer to change the content displayed in the canvas. Some filter options are static, others are dynamic based on the criteria selected elsewhere. When you modify the filter, the graph will be redrawn per the selected options.

    Note

    The Visualizer can retrieve up to 10,000 detections from the API regardless of the filter criteria.

    Nodes

    Use the Nodes filter to select the types of nodes to display. There are three types of nodes:

    • Indicators
    • Impacted Devices
    • Detection Rules
    Note

    When the Indicators option is selected, groups of indicators and impacted devices related to the same rule may be clustered together on the graph. While any combination can be selected, omitting Detection Rules will usually result in a disjointed graph.

    2021.6-viz-node-type

    Rule Name

    Use the Rule Name filter to hide or display rules. The rules displayed will depend on the other criteria selected in the report. Only the rules that are relevant to the rest of the criteria (such as Date Range, Device/Detections/Rule Status, Severity) can be selected.

    viz-rule-name

    Date Range

    Use the date-range selector to specify the date range to display.

    viz-date-range

    Filter by Status

    You can refine the results in the Visualizer by Detection Status, Device Status, or Rule Status. Changing the status filters will initiate a new query to the Detections API and refresh the graph. All other filter changes will filter the existing data and redraw the graph.

    viz-filter

    Previous
    Next

    Filtering the Visualizer

    Filtering the Visualizer

    Use the filters at the top of the visualizer to change the content displayed in the canvas. Some filter options are static, others are dynamic based on the criteria selected elsewhere. When you modify the filter, the graph will be redrawn per the selected options.

    Note

    The Visualizer can retrieve up to 10,000 detections from the API regardless of the filter criteria.

    Nodes

    Use the Nodes filter to select the types of nodes to display. There are three types of nodes:

    • Indicators
    • Impacted Devices
    • Detection Rules
    Note

    When the Indicators option is selected, groups of indicators and impacted devices related to the same rule may be clustered together on the graph. While any combination can be selected, omitting Detection Rules will usually result in a disjointed graph.

    2021.6-viz-node-type

    Rule Name

    Use the Rule Name filter to hide or display rules. The rules displayed will depend on the other criteria selected in the report. Only the rules that are relevant to the rest of the criteria (such as Date Range, Device/Detections/Rule Status, Severity) can be selected.

    viz-rule-name

    Date Range

    Use the date-range selector to specify the date range to display.

    viz-date-range

    Filter by Status

    You can refine the results in the Visualizer by Detection Status, Device Status, or Rule Status. Changing the status filters will initiate a new query to the Detections API and refresh the graph. All other filter changes will filter the existing data and redraw the graph.

    viz-filter

    Previous
    Next