
User Guide

Muting

Muting lets you ignore authorized and expected behaviors so that you can identify anomalies for the specific host. When a detector is muted, any related detection has a status of Muted, which means that no notification is generated for the detection. A muted detection auto-resolves after the specified time frame, or it can be resolved manually.

To view all muted devices, detectors, and detections, go to Mutes and Excludes.

Mute all detectors for a device

Muting a device for all detectors is most commonly used for devices like sandboxes and vulnerability scanners, which routinely trigger detections as part of their normal operation. Since these alerts are expected, muting such devices is often one of the first steps when configuring FortiNDR Cloud.

To mute a device for all detectors:
  1. Click the Detections tab.
  2. In the toolbar, click the gear icon at the right side of the page and select Muted Devices. The Muted Devices page opens.

  3. Click Add New device Range.
  4. In the Device IP or Range field, enter an IP address or CIDR range.
  5. Click Add Device(s).
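
Because a muted range suppresses notifications for every address it contains, it helps to check each value against the list of devices you actually intend to mute before entering it in the Device IP or Range field. The following pre-check is an added example, not part of the Fortinet guide or product; the inventory, addresses, and function names are constructed assumptions.

```python
import ipaddress

# Constructed inventory of devices approved for muting (assumption, not from the guide).
APPROVED = {
    "10.20.0.5": "vuln-scanner-01",
    "10.20.0.6": "vuln-scanner-02",
    "10.30.4.10": "sandbox-01",
}

def usable_hosts(net):
    """Count assignable addresses, excluding IPv4 network/broadcast where they exist."""
    if net.version == 4 and net.prefixlen < 31:
        return net.num_addresses - 2
    return net.num_addresses

def review_mute_entry(entry, approved=APPROVED):
    """Classify one proposed 'Device IP or Range' value before it is muted."""
    try:
        # strict=False accepts host-style input such as 10.20.0.5/30
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError as exc:
        return {"entry": entry, "verdict": "invalid", "detail": str(exc)}
    covered = sorted(name for ip, name in approved.items()
                     if ipaddress.ip_address(ip) in net)
    # Addresses inside the range that are not on the approved list would be silenced too.
    extra = usable_hosts(net) - len(covered)
    if not covered:
        verdict = "no_approved_host"
    elif extra > 0:
        verdict = "too_broad"
    else:
        verdict = "ok"
    return {"entry": entry, "verdict": verdict,
            "covered": covered, "unapproved_addresses": extra}

if __name__ == "__main__":
    # Constructed candidate entries: exact host, tight range, wide range, unknown host, typo.
    for candidate in ["10.20.0.5", "10.20.0.4/30", "10.30.4.0/24",
                      "192.168.1.10", "10.30.4.300"]:
        print(review_mute_entry(candidate))
```

Entries that come back as `too_broad` or `no_approved_host` are the ones to narrow or justify in the mute comment before adding them.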

Mute a detector

Muting a detector will cause all its future detections to be muted, regardless of which device triggered the detector. This is commonly used for posture-aware detectors that identify approved or expected behavior.

To mute a detector:
  1. Click the Detections tab.
  2. Click the menu icon in the last column at the right side of the page, and select Mute Detector.

  3. In the dialog that opens, enter a comment in the Comments field, and click Mute Detector.

Mute a device

You can mute a device for a detection, a detector, or an account. This is commonly used for suspicious behaviors from approved devices, such as remote access from an administrator workstation. Detections that contain a muted detector are appended with Muted in the Status column of the Detections Table.

To mute a device:
  1. Click the Detections tab and open a detector in the list.
  2. In the Impacted Devices tab, select the detection that contains the device and detector.
  3. Click the Actions menu at the right side of the page and select one of the following options.
    • Mute Device for Detection
    • Mute Device for Detector
    • Mute Device for Account

  4. In the dialog that opens, enter a comment in the Comments field, and click Mute Detector.

Alternatively, you can go to Detections > Detections Table. In the Action column, click the menu and select Mute device for detector.

Viewing muted devices

Option: Mutes and Excludes
  1. Click the gear icon at the top-right of the page and select Mutes and Excludes.
  2. Scroll down to the Muted Devices

Option: Detections
  1. Go to Detections.
  2. Click the Settings menu at the top-right of the page.
  3. Under Actions select Muted Devices.

Option: Detections Table
  1. Go to Detections > Detections Table.
  2. Click the column selector and show the Device Muted column
