Administration Guide

Automation log

Automation Log records each enforcement action generated by FortiNDR.

The Violations column shows the total number of malware detections and NDR anomalies found on that target device. Double-click a log entry to see more details about the violation, such as malicious files that caused the violation. The number of violations is calculated within the digest cycle of 1 minute.

The Enforcement Profile column indicates which profile's enforcement settings were in effect at the time the event was triggered.

Violation details

Automation Status and Post action

The following table summarizes each Status and its relationship with Post Action. You can execute a post action by selecting an entry and clicking an action button above the table.

| Status | Description | Possible Post Action |
| --- | --- | --- |
| Active | When an enforcement action fails, the system retries five times. If the action succeeds, the Status changes to Executed. If the action fails, the Status changes back to Active. | None |
| Executed | Enforcement action succeeded. | Undo Action |
| Failed | The action exceeded the retry limit of five times. | Manual Execution |
| Duplicated | Another executed entry has been detected with the same automation profile, target IP and target MAC address. | None |
| Undo Success | Undo an enforcement action that succeeded. | None |
| Omitted | Action was prohibited from execution by a restriction, for example, allow-listed. | Manual Execution |
