Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    25.4.a
    26.1.a
    26.1.0
    25.4.a
    25.4.0

    Sensors

    Sensors

    The Sensors page shows the sensors deployed in your account, both in the aggregate and individually. Use this page to generate provisioning codes, check the status of individual sensors, and view telemetry data.

    To access to the Sensors page, click the gear icon at the top-right of the page and select Sensors from the menu.

    Sensor ID

    Click the Sensor ID to view the sensor Status, Telemetry and Settings pages. For information, see Sensor details

    Tooltip

    You can pivot to the Sensor Details page from the Sensor ID column in the detections Details. Go to Detections > Triage detections and open a detector. Click a sensor in the Sensor ID column. If the sensor is available, the Sensor Details page opens.
    Status

    The sensor connection status.

    Online

    Sensor is connected to FortiNDR Cloud within last hour.

    Offline

    No telemetry data received by the sensor for at least an hour.

    Provisioning

    Provisioning code has been created and made initial connection but provisioning process is not complete.

    Decommissioned

    Sensor has been factory reset (only applicable for 1.12 or above).

    Decommissioned (legacy)

    A sensor earlier than 1.12 has been marked as decommissioned and has not sent any additional data. If sensor sends data to FortiNDR Cloud, status will change to Online.

    Decommissioned (auto)

    A sensor 1.12 or later has been marked as decommissioned, but has not communicated with FortiNDR Cloud in the last 7 days. If the sensor later connects to FortiNDR Cloud, it should factory reset itself and switch to Decommissioned status.

    Decommission Pending

    The sensor decommissioning has been initiated.

    Paused

    The sensor is not receiving traffic and can be enabled later.

    Pausing

    The sensor is in the process of being paused. You cannot resume a sensor while it is in this state.

    Resuming

    The sensor is in the process of being resumed. You cannot pause a sensor while it is in this state.

    Shutdown

    A Zscaler virtual sensor is no longer active.

    All other statuses are written by the sensor itself.

    Version

    The sensor version. Unknown is displayed when there is no data for the version.
    Labels Annotations that are applied to the sensor. See, Manage annotations.
    Location The sensor location.

    EPS (7 Day Average)

    The average throughput over last 7 days as Events Per Second.
    BITS/S (7 Day Average) The average throughput over last 7 days as Bits Per Second.
    Type The platform the sensor was deployed on.

    Features

    Lists the enabled tools used to analyze network traffic and detect anomalies, such as Suricata, PCAP or DPI.

    Sensors toolbar

    The following table describes the toolbar options available on the page and their functions:

    Filter the page by Status, Type, Version or Features .
    View the sensor analytics. See Account telemetry.
    View network devices detected by sensors, with options to filter, drill down into subnets and hosts, and analyze traffic patterns over time. See Device view.
    Download the sensor image or provision a sensor.
    Show or hide columns on the page.
    Down load the sensor data a CSV file.

    Account telemetry

    The Telemetry page displays aggregated telemetry data from all sensors in your account. The legend at the right side of the page lists the entries in descending order from highest to lowest. You can use the toggles in the legend to show or hide lines in the graph.

    Tooltip

    To view the telemetry for each sensor, click the Telemetry tab in the Sensor Status page. See Sensor details.
    To view the Account Telemetry page:
    1. Click the gear icon at the top-right of page select Sensors.
    2. Click the Telemetry button at the top-right of the page. The Throughput page opens.
    3. (Optional) Click Chart Type to switch between Line and Bar views.

    4. (Optional) Filter the page.

      Group byView the telemetry data by Sensor, Event Type, or Interface when available.
      IntervalSelect Day, Hour or 5 minutes.
      Date RangeClick to configure the date range using the date picker, or choose a value from the Quick Ranges list.
    5. Click the CSV button to export the data as a CSV file. The CSV file will download everything in the graph. You can use the legend to select the sensor data you want to download.
    Previous
    Next

    Sensors

    Sensors

    The Sensors page shows the sensors deployed in your account, both in the aggregate and individually. Use this page to generate provisioning codes, check the status of individual sensors, and view telemetry data.

    To access to the Sensors page, click the gear icon at the top-right of the page and select Sensors from the menu.

    Sensor ID

    Click the Sensor ID to view the sensor Status, Telemetry and Settings pages. For information, see Sensor details

    Tooltip

    You can pivot to the Sensor Details page from the Sensor ID column in the detections Details. Go to Detections > Triage detections and open a detector. Click a sensor in the Sensor ID column. If the sensor is available, the Sensor Details page opens.
    Status

    The sensor connection status.

    Online

    Sensor is connected to FortiNDR Cloud within last hour.

    Offline

    No telemetry data received by the sensor for at least an hour.

    Provisioning

    Provisioning code has been created and made initial connection but provisioning process is not complete.

    Decommissioned

    Sensor has been factory reset (only applicable for 1.12 or above).

    Decommissioned (legacy)

    A sensor earlier than 1.12 has been marked as decommissioned and has not sent any additional data. If sensor sends data to FortiNDR Cloud, status will change to Online.

    Decommissioned (auto)

    A sensor 1.12 or later has been marked as decommissioned, but has not communicated with FortiNDR Cloud in the last 7 days. If the sensor later connects to FortiNDR Cloud, it should factory reset itself and switch to Decommissioned status.

    Decommission Pending

    The sensor decommissioning has been initiated.

    Paused

    The sensor is not receiving traffic and can be enabled later.

    Pausing

    The sensor is in the process of being paused. You cannot resume a sensor while it is in this state.

    Resuming

    The sensor is in the process of being resumed. You cannot pause a sensor while it is in this state.

    Shutdown

    A Zscaler virtual sensor is no longer active.

    All other statuses are written by the sensor itself.

    Version

    The sensor version. Unknown is displayed when there is no data for the version.
    Labels Annotations that are applied to the sensor. See, Manage annotations.
    Location The sensor location.

    EPS (7 Day Average)

    The average throughput over last 7 days as Events Per Second.
    BITS/S (7 Day Average) The average throughput over last 7 days as Bits Per Second.
    Type The platform the sensor was deployed on.

    Features

    Lists the enabled tools used to analyze network traffic and detect anomalies, such as Suricata, PCAP or DPI.

    Sensors toolbar

    The following table describes the toolbar options available on the page and their functions:

    Filter the page by Status, Type, Version or Features .
    View the sensor analytics. See Account telemetry.
    View network devices detected by sensors, with options to filter, drill down into subnets and hosts, and analyze traffic patterns over time. See Device view.
    Download the sensor image or provision a sensor.
    Show or hide columns on the page.
    Down load the sensor data a CSV file.

    Account telemetry

    The Telemetry page displays aggregated telemetry data from all sensors in your account. The legend at the right side of the page lists the entries in descending order from highest to lowest. You can use the toggles in the legend to show or hide lines in the graph.

    Tooltip

    To view the telemetry for each sensor, click the Telemetry tab in the Sensor Status page. See Sensor details.
    To view the Account Telemetry page:
    1. Click the gear icon at the top-right of page select Sensors.
    2. Click the Telemetry button at the top-right of the page. The Throughput page opens.
    3. (Optional) Click Chart Type to switch between Line and Bar views.

    4. (Optional) Filter the page.

      Group byView the telemetry data by Sensor, Event Type, or Interface when available.
      IntervalSelect Day, Hour or 5 minutes.
      Date RangeClick to configure the date range using the date picker, or choose a value from the Quick Ranges list.
    5. Click the CSV button to export the data as a CSV file. The CSV file will download everything in the graph. You can use the legend to select the sensor data you want to download.
    Previous
    Next