Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.5.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.5.1 User Guide
    7.5.1
    7.5.1
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Working with Federated Search Results

    Working with Federated Search Results

    When the Query Results appear, the following options are available: Save as Report, Add Result to Case, Export Result and Email Result. You can also hover over any event from the results, and click on u to open the Details pane for that incident. This Details pane displays information including the raw event and OCSF event data, with search fields for both to locate specific information.

    Datasets from Federated Search can be used on the Analytics > Advanced Search page for your SQL queries. These are visible in the Advanced Search Database Schema () / Filters () pane by clicking the respective icon.

    Using the Filter

    From the Filters pane, select the attribute(s) you wish to apply to the current Query Results, then click + in the upper right Filters pane. There are some pre-defined FortiSIEM attributes that cannot be applied by the filter. If you accidentally apply these, a message will inform you of the inapplicable attribute.

    All database schema are type string except the following:

    time: Datetime64(3)

    port : UInt16

    Keep this in mind when working with ACS/DESC function for Display Conditions under Group By and Display Fields.

    Save Federated Search as Report

    Save a federated search by clicking the Save as Report () icon, and taking the following steps.

    1. In the Report Name field, leave the name or modify it as necessary.

    2. In the Report Description field, enter any information about the report you wish to include.

    3. Specify whether the Report Definition must be saved using the Save Definition checkbox. This allows you to re-run the query at a later time if checked.

    4. The default save location is Resources > Reports > Saved Report Results .

    5. Specify whether the Report results should be saved by checking the Save Results checkbox and then select the time duration. If this option is enabled, the results will be stored under the Saved Report Results folder under Resources.

    6. When done, click OK.

    Note: Federated Search Reports can also be added to a Widget Dashboard by navigating to + Add Report > Reports > Federated Search, selecting the report, accessing the drop-down icon drop-down and selecting > Add Report.

    Add Results to a Case

    You can add results to a Case by following these steps.

    1. Click the Add Result to Case () icon.

    2. In the File Name field, make any changes if needed, to the file name.

    3. Click the Edit Case () icon.

    4. Select the case to add the results to, and click OK.

    5. Click Add.

    Export Results to PDF

    Follow these steps to export Search Results to a PDF file and save it on you local workstation.

    1. Click the Export Result () icon.
    2. Enter the User Notes (optional).
    3. Specify the Output Format as PDF.
    4. Select the Time Zone of the data from the drop-down list.
    5. Select the Report Template option:
      • Defined: To use the template defined for this report defined under Resources > Reports, or use the system default template for Analytics export
      • New: To create a new custom report template for one-time use. The Report Design settings appear when you choose this option. Note that this template will not replace the template defined under Resources > Reports.
        Refer to Designing a Report Template for the steps to design the Cover Page and Table of Contents.
    6. Click Generate to generate the report.
    7. Click View to download the report to the local disk.

    Email Results

    You must first configure email settings under Admin > Settings > System > Email.

    Complete these steps to email search results:

    1. Click the Email Result () icon.
    2. Enter the receiver email address in the To field.
    3. Enter the Subject of the email.
    4. Enter any Description about the email.
    5. Enter any User Notes about the search results (optional).
    6. The Output Format is selected as PDF.
    7. Select the Time Zone of the data from the drop-down list.
    8. Select a Template option:
      • Defined: To use the template defined for this report defined under Resources > Reports or use the system default template for Analytics export.
      • New: To create a new custom report template for one-time use. The Report Design settings appear when you choose this option. Note that this template will not replace the template defined under Resources > Reports.
        Refer to Designing a Report Template for the steps to design the Cover Page and Table of Contents.
    9. Click Send.
    Previous
    Next

    Working with Federated Search Results

    Working with Federated Search Results

    When the Query Results appear, the following options are available: Save as Report, Add Result to Case, Export Result and Email Result. You can also hover over any event from the results, and click on u to open the Details pane for that incident. This Details pane displays information including the raw event and OCSF event data, with search fields for both to locate specific information.

    Datasets from Federated Search can be used on the Analytics > Advanced Search page for your SQL queries. These are visible in the Advanced Search Database Schema () / Filters () pane by clicking the respective icon.

    Using the Filter

    From the Filters pane, select the attribute(s) you wish to apply to the current Query Results, then click + in the upper right Filters pane. There are some pre-defined FortiSIEM attributes that cannot be applied by the filter. If you accidentally apply these, a message will inform you of the inapplicable attribute.

    All database schema are type string except the following:

    time: Datetime64(3)

    port : UInt16

    Keep this in mind when working with ACS/DESC function for Display Conditions under Group By and Display Fields.

    Save Federated Search as Report

    Save a federated search by clicking the Save as Report () icon, and taking the following steps.

    1. In the Report Name field, leave the name or modify it as necessary.

    2. In the Report Description field, enter any information about the report you wish to include.

    3. Specify whether the Report Definition must be saved using the Save Definition checkbox. This allows you to re-run the query at a later time if checked.

    4. The default save location is Resources > Reports > Saved Report Results .

    5. Specify whether the Report results should be saved by checking the Save Results checkbox and then select the time duration. If this option is enabled, the results will be stored under the Saved Report Results folder under Resources.

    6. When done, click OK.

    Note: Federated Search Reports can also be added to a Widget Dashboard by navigating to + Add Report > Reports > Federated Search, selecting the report, accessing the drop-down icon drop-down and selecting > Add Report.

    Add Results to a Case

    You can add results to a Case by following these steps.

    1. Click the Add Result to Case () icon.

    2. In the File Name field, make any changes if needed, to the file name.

    3. Click the Edit Case () icon.

    4. Select the case to add the results to, and click OK.

    5. Click Add.

    Export Results to PDF

    Follow these steps to export Search Results to a PDF file and save it on you local workstation.

    1. Click the Export Result () icon.
    2. Enter the User Notes (optional).
    3. Specify the Output Format as PDF.
    4. Select the Time Zone of the data from the drop-down list.
    5. Select the Report Template option:
      • Defined: To use the template defined for this report defined under Resources > Reports, or use the system default template for Analytics export
      • New: To create a new custom report template for one-time use. The Report Design settings appear when you choose this option. Note that this template will not replace the template defined under Resources > Reports.
        Refer to Designing a Report Template for the steps to design the Cover Page and Table of Contents.
    6. Click Generate to generate the report.
    7. Click View to download the report to the local disk.

    Email Results

    You must first configure email settings under Admin > Settings > System > Email.

    Complete these steps to email search results:

    1. Click the Email Result () icon.
    2. Enter the receiver email address in the To field.
    3. Enter the Subject of the email.
    4. Enter any Description about the email.
    5. Enter any User Notes about the search results (optional).
    6. The Output Format is selected as PDF.
    7. Select the Time Zone of the data from the drop-down list.
    8. Select a Template option:
      • Defined: To use the template defined for this report defined under Resources > Reports or use the system default template for Analytics export.
      • New: To create a new custom report template for one-time use. The Report Design settings appear when you choose this option. Note that this template will not replace the template defined under Resources > Reports.
        Refer to Designing a Report Template for the steps to design the Cover Page and Table of Contents.
    9. Click Send.
    Previous
    Next