Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.5.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.5.0 User Guide
    7.5.0
    7.5.1
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Miscellaneous Advanced Search Operations

    Miscellaneous Advanced Search Operations

    Saving Advanced Search Definition and/or Results

    To save a Search definition or results, take the following steps.

    1. Click the Save as Report () icon.

    • To Save a Search definition:

      1. Under the Report Name field, edit the report name and description if needed.
      2. Check the Save Definition checkbox.
      3. Under Save To, choose the folder where the definition is to be saved.
      4. Click OK.

    • To Save Search results:

      1. Under the Report Name field, edit the report name and description if needed.
      2. Check the Save Results checkbox, and make any changes to the number of hours/days if needed.
      3. Click OK.

    Viewing Saved Advanced Search Results

    To view previously saved Advanced Search results, take the following steps.

    1. Click Load Report.
    2. Click Saved Results.
    3. Click the saved result, click , then click View Results.
    4. The Query Console panel shows the Search SQL. The results appear in the Query Results panel.

    Creating a Rule

    To create a scheduled SQL rule, take the following steps.

    1. Click Create Rule.
    2. You will be automatically taken to the Create Rule section, with the current SQL query auto-populated in the Step 2: Define Condition SQL Query field.
      Note: The Query Time window is defined by the SQL query.

    3. Configure the rule as needed. For more information, see here.

      note icon If you would like to use an existing report as a template for an SQL query, navigate to Resources > Reports > Advanced Search, select a report, and from the sidebar, click Copy to clipboard to get the SQL.

    Exporting Search Results

    To export search results, take the following steps.

    1. Click the Export Result () icon.
    2. In the Export Report window, take the following steps.
      1. (Optional) In the User Notes field, enter any information you wish to include about the search results.
      2. From the Output Format selection, choose PDF or CSV.
      3. Use the Time Zone drop-down options to configure the time and date format when the exported results were generated.
      4. Click Generate.
      5. Click View and your results will be downloaded.

    Importing and Exporting Advanced Search Definition

    Importing and exporting search definitions can be done from Resources > Reports > Advanced Search.

    1. Navigate to Resources > Reports > Advanced Search.
    • To export:
      1. Select the report you want to export the definition of.
      2. Click the Export () icon.
      3. An XML file will be generated and downloaded to your local workstation.
    • To import, you must have saved the report in an XML file in your local workstation.
      1. Click the Import () icon.
      2. Click Choose File, and select the XML file.
      3. Click Import and the report will appear in the Reports > Advanced Search folder.

    Emailing Search Results

    You must first configure email settings under Admin > Settings > System > Email.

    With the search result displayed in Analytics tab, complete these steps to email search results:

    1. Click the Email Result () icon.
    2. Enter the receiver email address in the To field.
    3. Enter the Subject of the email.
    4. Enter any Description about the email.
    5. Enter any User Notes about the search results (optional).
    6. Choose the Output Format as PDF or CSV.
    7. Select the Time Zone of the data from the drop-down list.
    8. Select a Template if you select PDF format:
      • Defined: To use the template defined for this report defined under Resources > Reports or use the system default template for Analytics export.
      • New: To create a new custom report template for one-time use. The Report Design settings appear when you choose this option. Note that this template will not replace the template defined under Resources > Reports.
        Refer to Designing a Report Template for the steps to design the Cover Page and Table of Contents.
    9. Click Send.
    Previous
    Next

    Miscellaneous Advanced Search Operations

    Miscellaneous Advanced Search Operations

    Saving Advanced Search Definition and/or Results

    To save a Search definition or results, take the following steps.

    1. Click the Save as Report () icon.

    • To Save a Search definition:

      1. Under the Report Name field, edit the report name and description if needed.
      2. Check the Save Definition checkbox.
      3. Under Save To, choose the folder where the definition is to be saved.
      4. Click OK.

    • To Save Search results:

      1. Under the Report Name field, edit the report name and description if needed.
      2. Check the Save Results checkbox, and make any changes to the number of hours/days if needed.
      3. Click OK.

    Viewing Saved Advanced Search Results

    To view previously saved Advanced Search results, take the following steps.

    1. Click Load Report.
    2. Click Saved Results.
    3. Click the saved result, click , then click View Results.
    4. The Query Console panel shows the Search SQL. The results appear in the Query Results panel.

    Creating a Rule

    To create a scheduled SQL rule, take the following steps.

    1. Click Create Rule.
    2. You will be automatically taken to the Create Rule section, with the current SQL query auto-populated in the Step 2: Define Condition SQL Query field.
      Note: The Query Time window is defined by the SQL query.

    3. Configure the rule as needed. For more information, see here.

      note icon If you would like to use an existing report as a template for an SQL query, navigate to Resources > Reports > Advanced Search, select a report, and from the sidebar, click Copy to clipboard to get the SQL.

    Exporting Search Results

    To export search results, take the following steps.

    1. Click the Export Result () icon.
    2. In the Export Report window, take the following steps.
      1. (Optional) In the User Notes field, enter any information you wish to include about the search results.
      2. From the Output Format selection, choose PDF or CSV.
      3. Use the Time Zone drop-down options to configure the time and date format when the exported results were generated.
      4. Click Generate.
      5. Click View and your results will be downloaded.

    Importing and Exporting Advanced Search Definition

    Importing and exporting search definitions can be done from Resources > Reports > Advanced Search.

    1. Navigate to Resources > Reports > Advanced Search.
    • To export:
      1. Select the report you want to export the definition of.
      2. Click the Export () icon.
      3. An XML file will be generated and downloaded to your local workstation.
    • To import, you must have saved the report in an XML file in your local workstation.
      1. Click the Import () icon.
      2. Click Choose File, and select the XML file.
      3. Click Import and the report will appear in the Reports > Advanced Search folder.

    Emailing Search Results

    You must first configure email settings under Admin > Settings > System > Email.

    With the search result displayed in Analytics tab, complete these steps to email search results:

    1. Click the Email Result () icon.
    2. Enter the receiver email address in the To field.
    3. Enter the Subject of the email.
    4. Enter any Description about the email.
    5. Enter any User Notes about the search results (optional).
    6. Choose the Output Format as PDF or CSV.
    7. Select the Time Zone of the data from the drop-down list.
    8. Select a Template if you select PDF format:
      • Defined: To use the template defined for this report defined under Resources > Reports or use the system default template for Analytics export.
      • New: To create a new custom report template for one-time use. The Report Design settings appear when you choose this option. Note that this template will not replace the template defined under Resources > Reports.
        Refer to Designing a Report Template for the steps to design the Cover Page and Table of Contents.
    9. Click Send.
    Previous
    Next