Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    26.2.0
    26.2.0
    26.1.b
    26.1.a
    26.1.0
    25.4.a
    25.4.0

    Observation details

    Observation details

    The Observation Details page provides an in‑depth view of a specific network behavior detected by FortiNDR Cloud. It summarizes the observation type, explains why it was triggered, and presents a timeline showing how often the behavior has occurred. The page also includes a table listing up to 1,000 recent observation instances with key attributes such as source, destination, confidence level, and risk score to help you investigate patterns and assess severity.

    You can adjust the time range by selecting any 90‑day period within the past year using the date picker. To view observation details for a specific device, enter its IP address in the Device IP to search field. To filter by confidence level, choose All, H, M, or L (Low, Moderate, or High).

    Frequency of observation graph

    The Frequency of Observation graph shows how often a specific observation has occurred over time, categorized by confidence level.

    • Hover over the graph to view the number of instances by confidence level.
    • To filter the table, click a confidence level (Low, Moderate, or High).
    • Click on a bar in the graph to apply its time range and confidence filter to the page.
    • Hover over a confidence level at the top of the graph to isolate it.

    Observation instances table

    The Observation Instances table displays the most recent instances for the selected observation, up to 1,000 entries.

    • Click any column header to sort the table by that column.
    • To refine the table, enter a search term in the Filter current observation results field and click Filter.

    Observation selector

    Use the observation selector at the top-center of the page to switch between different observations available for your account.

    Previous
    Next

    Observation details

    Observation details

    The Observation Details page provides an in‑depth view of a specific network behavior detected by FortiNDR Cloud. It summarizes the observation type, explains why it was triggered, and presents a timeline showing how often the behavior has occurred. The page also includes a table listing up to 1,000 recent observation instances with key attributes such as source, destination, confidence level, and risk score to help you investigate patterns and assess severity.

    You can adjust the time range by selecting any 90‑day period within the past year using the date picker. To view observation details for a specific device, enter its IP address in the Device IP to search field. To filter by confidence level, choose All, H, M, or L (Low, Moderate, or High).

    Frequency of observation graph

    The Frequency of Observation graph shows how often a specific observation has occurred over time, categorized by confidence level.

    • Hover over the graph to view the number of instances by confidence level.
    • To filter the table, click a confidence level (Low, Moderate, or High).
    • Click on a bar in the graph to apply its time range and confidence filter to the page.
    • Hover over a confidence level at the top of the graph to isolate it.

    Observation instances table

    The Observation Instances table displays the most recent instances for the selected observation, up to 1,000 entries.

    • Click any column header to sort the table by that column.
    • To refine the table, enter a search term in the Filter current observation results field and click Filter.

    Observation selector

    Use the observation selector at the top-center of the page to switch between different observations available for your account.

    Previous
    Next