Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.2.6 User Guide
    7.2.6
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Editing Users

    Editing User Information

    Complete these steps to edit a CMDB user:

    1. Navigate to CMDB > Users.
    2. Select a User, and click Edit.
    3. Click on the General tab.
      1. Change the user profile information in the User Name, Full Name, Job Title and Company fields, if needed.
      2. Click the Importance drop-down list to select the importance of this user - "Normal", "Important", "Critical", or "Mission Critical".
      3. Enable Active if this is an active user.
      4. Update the user's Domain.
      5. Update the user's Distinguished Name DN.
      6. Update the Employee ID of the user.
      7. Select the Manager to which this user belongs.
      8. Click Alias to update any alias information for the user.
        1. In the Alias field, provide the alias user name.
        2. From the Identity Provider field, enter/select from AWS IAM, DUO, or Microsoft AD.
        3. In the Description field, enter any additional information about the alias.
        4. If another Alias is needed, in the Row column, click + to add another row for another alias, and repeat steps i-iii.
        5. Click Save when done.
      9. Click the Team Lead checkbox to define a user as a Team Lead for Case Management.
        Note: This option is only available for users created under FortiSIEM Analysts Group.
      10. Update any Description about the user.
    4. Click on the Contact tab.
      1. Update user contact information to the appropriate contact information fields - Work Phone, Mobile Phone, Home Phone, SMS, SMS Provider, ZIP, Email, Address, City, State, and Country field.
      2. If your company uses S/MIME for email, make sure the Email field is filled out, and upload the S/MIME certificate in the Certificate field by clicking Upload, and selecting your certificate.
      3. Click Save when done.
    5. Click on the FortiSIEM Attributes tab.
      1. For User Unlock, select Unlock by Administrator or Delay next login for ## minutes. If Delay next login for ## minutes is selected, enter the number of minutes the user will be unable to log into the system after five successive authentication failures.
      2. For Idle Timeout, enter the number of minutes after which an inactive user will be logged out.

      3. For Password Reset, enter the number of days after which a user’s current password for logging in to the system will automatically expire. If left blank, the user's password will never expire.
      4. For FortiSIEM Role, enable by selecting the FortiSIEM Role checkbox.
        1. For Mode, select Local or External.
          If you select Local, enter and then reconfirm the user password. For External, see Authentication Settings for more information about using external authentication.
          Notes:
          • If more than one authentication profile is associated with a user, then the servers will be contacted one-by-one until a connection to one of them is successful. Once a server has been contacted, if the authentication fails, the process ends, and the user is notified that the authentication failed.
          • For local users, passwords must contain between 8 and 64 characters, and must include 1 letter, 1 numeric character and 1 special character.
        2. Select a Default Role for the user.
          See the topic Role Settings for a list of default roles and permission. You can also create new roles, which will be available in this menu after you create them.

          If this FortiSIEM Role user should be allowed to approve de-anonymization requests, ensure the Deobfuscation Approver role has been configured in Role Settings and that this configured role is selected here.

          If the FortiSIEM Role user should be allowed to approve remediation requests, ensure the Remediation Approver role has been configured in Role Settings and that this configured role is selected here.

          For Case Management, FortiSIEM recommends choosing Full Admin to get the permissions needed to handle any case.
        3. Click Save when done.
      5. Click on Work Schedule to configure the user's work schedule.
        Note: This option is only available for users created under FortiSIEM Analysts Group.
        1. Under Time Range, enter the Start Time, End Time, and select the Time Zone from the Time and Region drop-down lists.
        2. Under Recurrence Pattern, select Recurring Days, then select the Repeat Days and Repeat Months, or select Recurring Dates, followed by selecting the Repeat Dates, and Repeat Months.
        3. Under Recurrence Range, click on the Start From field, and select the start date. Next, select No end date or End By. If End By is selected, click on the End By field, and select the end date.
          Click Save when done.
      6. Click on Time Off Schedule to configure when a user plans to be off work.
        Notes:
        This option is only available for users created under FortiSIEM Analysts Group.
        When you configure Time Off, you should only select the period of time that will be taken off from the work schedule, i.e., if a user works from 8:00am-5:00pm, then the time off period should be 8:00am-5:00pm.
        1. Under Time Range, enter the Start Time, End Time, and select the Time Zone from the Time and Region drop-down lists.
        2. Under Recurrence Pattern, select Recurring Days, then select the Repeat Days and Repeat Months, or select Recurring Dates, followed by selecting the Repeat Dates, and Repeat Months.
        3. Under Recurrence Range, click on the Start From field, and select the start date. Next, select No end date or End By. If End By is selected, click on the End By field, and select the end date.
        4. Click Save when done.
      7. Click Save when done.
    Previous
    Next

    Editing Users

    Editing User Information

    Complete these steps to edit a CMDB user:

    1. Navigate to CMDB > Users.
    2. Select a User, and click Edit.
    3. Click on the General tab.
      1. Change the user profile information in the User Name, Full Name, Job Title and Company fields, if needed.
      2. Click the Importance drop-down list to select the importance of this user - "Normal", "Important", "Critical", or "Mission Critical".
      3. Enable Active if this is an active user.
      4. Update the user's Domain.
      5. Update the user's Distinguished Name DN.
      6. Update the Employee ID of the user.
      7. Select the Manager to which this user belongs.
      8. Click Alias to update any alias information for the user.
        1. In the Alias field, provide the alias user name.
        2. From the Identity Provider field, enter/select from AWS IAM, DUO, or Microsoft AD.
        3. In the Description field, enter any additional information about the alias.
        4. If another Alias is needed, in the Row column, click + to add another row for another alias, and repeat steps i-iii.
        5. Click Save when done.
      9. Click the Team Lead checkbox to define a user as a Team Lead for Case Management.
        Note: This option is only available for users created under FortiSIEM Analysts Group.
      10. Update any Description about the user.
    4. Click on the Contact tab.
      1. Update user contact information to the appropriate contact information fields - Work Phone, Mobile Phone, Home Phone, SMS, SMS Provider, ZIP, Email, Address, City, State, and Country field.
      2. If your company uses S/MIME for email, make sure the Email field is filled out, and upload the S/MIME certificate in the Certificate field by clicking Upload, and selecting your certificate.
      3. Click Save when done.
    5. Click on the FortiSIEM Attributes tab.
      1. For User Unlock, select Unlock by Administrator or Delay next login for ## minutes. If Delay next login for ## minutes is selected, enter the number of minutes the user will be unable to log into the system after five successive authentication failures.
      2. For Idle Timeout, enter the number of minutes after which an inactive user will be logged out.

      3. For Password Reset, enter the number of days after which a user’s current password for logging in to the system will automatically expire. If left blank, the user's password will never expire.
      4. For FortiSIEM Role, enable by selecting the FortiSIEM Role checkbox.
        1. For Mode, select Local or External.
          If you select Local, enter and then reconfirm the user password. For External, see Authentication Settings for more information about using external authentication.
          Notes:
          • If more than one authentication profile is associated with a user, then the servers will be contacted one-by-one until a connection to one of them is successful. Once a server has been contacted, if the authentication fails, the process ends, and the user is notified that the authentication failed.
          • For local users, passwords must contain between 8 and 64 characters, and must include 1 letter, 1 numeric character and 1 special character.
        2. Select a Default Role for the user.
          See the topic Role Settings for a list of default roles and permission. You can also create new roles, which will be available in this menu after you create them.

          If this FortiSIEM Role user should be allowed to approve de-anonymization requests, ensure the Deobfuscation Approver role has been configured in Role Settings and that this configured role is selected here.

          If the FortiSIEM Role user should be allowed to approve remediation requests, ensure the Remediation Approver role has been configured in Role Settings and that this configured role is selected here.

          For Case Management, FortiSIEM recommends choosing Full Admin to get the permissions needed to handle any case.
        3. Click Save when done.
      5. Click on Work Schedule to configure the user's work schedule.
        Note: This option is only available for users created under FortiSIEM Analysts Group.
        1. Under Time Range, enter the Start Time, End Time, and select the Time Zone from the Time and Region drop-down lists.
        2. Under Recurrence Pattern, select Recurring Days, then select the Repeat Days and Repeat Months, or select Recurring Dates, followed by selecting the Repeat Dates, and Repeat Months.
        3. Under Recurrence Range, click on the Start From field, and select the start date. Next, select No end date or End By. If End By is selected, click on the End By field, and select the end date.
          Click Save when done.
      6. Click on Time Off Schedule to configure when a user plans to be off work.
        Notes:
        This option is only available for users created under FortiSIEM Analysts Group.
        When you configure Time Off, you should only select the period of time that will be taken off from the work schedule, i.e., if a user works from 8:00am-5:00pm, then the time off period should be 8:00am-5:00pm.
        1. Under Time Range, enter the Start Time, End Time, and select the Time Zone from the Time and Region drop-down lists.
        2. Under Recurrence Pattern, select Recurring Days, then select the Repeat Days and Repeat Months, or select Recurring Dates, followed by selecting the Repeat Dates, and Repeat Months.
        3. Under Recurrence Range, click on the Start From field, and select the start date. Next, select No end date or End By. If End By is selected, click on the End By field, and select the end date.
        4. Click Save when done.
      7. Click Save when done.
    Previous
    Next