Fortinet black logo

User Guide

Home FortiNDR Cloud User Guide

Manage subscriptions

Manage subscriptions

Receive an email notification when a rule triggers a detection. Subscriptions are configured and applied on a per-user basis using the email address tied to a user's account. If you are logging in for the first time or have never updated your subscriptions, you will see the Default Subscription created for every user.

You can manage subscriptions from the application settings or the detections settings menu.

To create a subscription:
  1. Go to Detections.
  2. In the toolbar, click the gear icon menu and click Manage Subscriptions. The Subscriptions page opens.
  3. Click the Create subscription button at the top right-side of the page. A blank subscription is displayed.

  4. Configure the subscription:

    Subscription NameEnter a name for the subscription.
    Severities

    Select one of the following:

    SeverityDescriptionExamples
    HighSignificant to fair impact with the potential to spread or escalateMalicious code execution, C2 communications, lateral movement, data exfiltration
    ModerateFair impact with minimal potential to spread or escalateActivity that could indicate malicious intent, untargeted attacks with unknown success, data leakage, subversion of security or monitoring tools
    LowLittle to no impact expectedPotentially unauthorized software, devices, or resource use, untargeted adware or spyware, compromise of a personal device or device on an untrusted network, insecure configurations
    Confidences

    Select one of the following:

    ConfidenceMinimum True-Positive Rate
    High90%
    Moderate75%
    Low50%
    Categories

    Select a category from the list. For information, see Detections > Rule Categories.

    AccountSelect the account the rule belongs to.
    Email Type

    • Notification: Sends an email for each individual rule that becomes active.

    • Digest: Sends you a single email each day at the specified time (default 08:00 Eastern) summarizing rules that became active and/or were resolved during the previous day.

  5. Click Save.

To delete a subscription:
  1. Go to Detections.
  2. In the toolbar, click the gear icon menu and click Manage Subscriptions. The Subscriptions page opens.

  3. Click the Actions menu at the left side of the rule and select Edit Subscription.

  4. Click Delete.

To disable a subscription:
  1. Go to Detections.
  2. In the toolbar, click the gear icon menu and click Manage Subscriptions. The Subscriptions page opens.
  3. Click Delete.

Previous
Next

Manage subscriptions

Receive an email notification when a rule triggers a detection. Subscriptions are configured and applied on a per-user basis using the email address tied to a user's account. If you are logging in for the first time or have never updated your subscriptions, you will see the Default Subscription created for every user.

You can manage subscriptions from the application settings or the detections settings menu.

To create a subscription:
  1. Go to Detections.
  2. In the toolbar, click the gear icon menu and click Manage Subscriptions. The Subscriptions page opens.
  3. Click the Create subscription button at the top right-side of the page. A blank subscription is displayed.

  4. Configure the subscription:

    Subscription NameEnter a name for the subscription.
    Severities

    Select one of the following:

    SeverityDescriptionExamples
    HighSignificant to fair impact with the potential to spread or escalateMalicious code execution, C2 communications, lateral movement, data exfiltration
    ModerateFair impact with minimal potential to spread or escalateActivity that could indicate malicious intent, untargeted attacks with unknown success, data leakage, subversion of security or monitoring tools
    LowLittle to no impact expectedPotentially unauthorized software, devices, or resource use, untargeted adware or spyware, compromise of a personal device or device on an untrusted network, insecure configurations
    Confidences

    Select one of the following:

    ConfidenceMinimum True-Positive Rate
    High90%
    Moderate75%
    Low50%
    Categories

    Select a category from the list. For information, see Detections > Rule Categories.

    AccountSelect the account the rule belongs to.
    Email Type

    • Notification: Sends an email for each individual rule that becomes active.

    • Digest: Sends you a single email each day at the specified time (default 08:00 Eastern) summarizing rules that became active and/or were resolved during the previous day.

  5. Click Save.

To delete a subscription:
  1. Go to Detections.
  2. In the toolbar, click the gear icon menu and click Manage Subscriptions. The Subscriptions page opens.

  3. Click the Actions menu at the left side of the rule and select Edit Subscription.

  4. Click Delete.

To disable a subscription:
  1. Go to Detections.
  2. In the toolbar, click the gear icon menu and click Manage Subscriptions. The Subscriptions page opens.
  3. Click Delete.

Previous
Next