Anomaly tab
The Anomaly tab provides insight into the anomaly content detected by FortiNDR and its occurrences in the network. To learn more about the connections related to a specific anomaly, double-click a record in the list to open the Anomaly Information pane. This pane contains all the connection pairs if there are multiple combinations of source and destination.
By default the Anomaly tab displays the following information:
Column | Description |
---|---|
Latest Timestamp | The date the record was updated. |
Attack Name | The attack name provided by FortiGuard. Hover over the name to view the Impact, Product List and Recommended Action. You can also use this column to explore the attack name and search FortiGuard. |
Anomaly Severity | The anomaly severity (Not Anomaly, Info, Low, Medium, High or Critical). |
Count (Historic) | The total number of times the anomaly was observed. |
Count (Past week) | The total number of times the anomaly was observed during the past week. |
First Timestamp | The timestamp for the first time the anomaly was detected. |
To view the sessions for a selected condition:
- In the Anomaly tab, double-click a record in the list. The Anomaly Information pane opens.
- Click the Analytic tab.
- Double-click a log in the list. The Sessions Log for selected condition pane opens. The connection pair information is displayed.
From the Session Log pane, you have the option of viewing the source and destination device and viewing the sessions. For more information, see Session tab.
Anomaly Information
The Anomaly Information pane contains two tabs: General and Analytic.
General tab
The General tab displays the following information:
General |
|
Additional Information |
|
Last Anomaly Occurrence |
|
Analytic tab
The Analytic tab displays the following information about the connection pair:
Column | Description |
---|---|
Src IP | The source IP. Hover over the record to view the IP Address, Country and Related Service. |
Source Network | The source network. You can use this column to filter IP addresses based on the category of the IP, such as Internal, External (public addresses), Broadcast, Multicast address, Loopback, Reserved Address and Link-local Address. You can filter for both IPv4 and IPv6 addresses. |
Dst IP | The destination IP. Hover over the record to view the IP Address, Country and Related Service. |
Destination Network | The destination network. You can use this column to filter IP addresses based on the category of the IP, such as Internal, External (public addresses), Broadcast, Multicast address, Loopback, Reserved Address and Link-local Address. You can filter for both IPv4 and IPv6 addresses. |
Count (Historic) | The total number of times the anomaly was observed. |
Count (Past week) | The total number of times the anomaly was observed during the past week. |
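The Source Network and Destination Network categories above can be reproduced offline when reviewing connection pairs outside the GUI. The following is an added example, not Fortinet code: the mapping from category names to address ranges, the function names and the sample pairs are assumptions of this example, and FortiNDR's own classification rules may differ.

```python
import ipaddress
from collections import Counter

# Assumption: "Internal" means RFC 1918 and IPv6 unique-local space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def network_category(ip: str) -> str:
    """Map one address to a category name from the filter list above."""
    addr = ipaddress.ip_address(ip)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Narrow categories first: loopback and link-local are non-global too,
    # so testing them late would lump them into Reserved.
    if str(addr) == "255.255.255.255":
        return "Broadcast"  # limited broadcast only; directed needs subnet masks
    if addr.is_multicast:
        return "Multicast"
    if addr.is_loopback:
        return "Loopback"
    if addr.is_link_local:
        return "Link-local"
    if any(addr.version == net.version and addr in net for net in INTERNAL):
        return "Internal"
    if addr.is_global:
        return "External"
    return "Reserved"  # documentation ranges, CGNAT, 240.0.0.0/4, unspecified

def summarize_pairs(pairs):
    """Count (source category, destination category) combinations."""
    return Counter((network_category(s), network_category(d)) for s, d in pairs)

# Constructed sample connection pairs (src, dst); not FortiNDR output.
SAMPLE_PAIRS = [
    ("10.0.0.5", "8.8.8.8"),
    ("fd12:3456::10", "2001:4860:4860::8888"),
    ("172.16.4.9", "10.0.0.7"),
    ("192.168.1.20", "224.0.0.251"),
    ("fe80::1", "ff02::fb"),
    ("10.0.0.5", "203.0.113.7"),
]

if __name__ == "__main__":
    for (src, dst), n in summarize_pairs(SAMPLE_PAIRS).most_common():
        print(f"{src:>10} -> {dst:<10} {n}")
```

Grouping pairs this way separates Internal to External traffic from Internal to Internal traffic, which usually call for different follow-up when an anomaly is reviewed.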