Administration Guide

Threats by Devices

On this page you can view and drill down into all threats, grouped by device. This page displays the device name, number of malicious files, and number of suspicious files. Double-click an entry in the table to view the second level, View Jobs.

Threats by Devices - level 1

The following options are available:

Time Period

Select the time period from the dropdown list. Select 24 Hours, 7 Days, or 4 Weeks.

Export Data

Click the Export Data button to create a PDF or CSV snapshot report. The time period of the jobs included in the report depends on the selection made in the Time Period dropdown. The time needed to generate the report depends on the number of events selected. You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.

Search

Show or hide the search filter field.

Refresh

Click the Refresh icon to refresh the entries displayed after applying search filters.

Add Search Filter

Click the Search Filter field to add search filters. Click the Cancel icon beside the search filter to remove the specific filter. Click the Clear All Filters icon in the search filter field to clear all filters.

Search filters can be used to filter the information displayed in the GUI. You can input a partial value to search all records that contain it.

View Jobs

Click the View Jobs icon to drill down into the entry.

Pagination

Use the pagination options to browse entries displayed.

This page displays the following information:

Device

The device serial number and VDOM.

Note

A different VDOM or protected email domain on the same device is considered a different device.

Device Name

The device name.

# of Malicious Files

The number of malicious files submitted by the device. Click the column header to sort the table by this column.

# of Suspicious Files

The number of suspicious files submitted by the device. Click the column header to sort the table by this column.

Timeline

View the Threat Timeline Chart of the device. When you hover over any dot, all victim hosts managed by the device appear within five minutes. When you click any dot in the chart, all associated events are displayed. When you click an event, the View Details page opens.

Total Devices

The number of devices displayed and the total number of devices.

Threats by Devices - level 2

The following information is displayed:

Search

Show or hide the search filter field.

Export Data

Click the Export Data button to create a PDF snapshot report. You can wait until the report is ready to view, or view the report later on the Log & Report > Report Center page.

Add Search Filter

Click the search filter field to add search filters. Click the cancel icon to the left of the search filter to remove the specific filter. Search filters can be used to filter the information displayed in the GUI.

Threat Timeline Chart

Displays the number and types of threats that occurred to the threat target during the period of time. Hover over the dots in the chart to view more detailed threat information.

Back

Click the Back button to return to the main landing page.

Summary of

Displays a summary of the device type selected.

Details

Detailed information includes device name, selected time period, and total number of malicious and suspicious files.

Malicious Files

Malicious file information, including malware name, destination IP address, and number of detection times. Click the View Details icon or double-click the row to drill down into the entry.

Click the malware name to view the related FortiGuard Encyclopedia page.

Suspicious Files

Suspicious file information, including file name, file type, risk level, destination IP address, and number of detection times.

Click the View Details icon or double-click the row to drill down into the entry.

Threats by Devices - level 3

The following options are available:

Back

Click the Back icon to return to the main landing page.

View Details

Select the View Details icon to view file information. The information displayed on the View Details page depends on the file type and risk level.

Perform Rescan

Click the icon to rescan the entry. For more information, see Perform Rescan > File Job Search.

Pagination

Use the pagination options to browse entries displayed.

The following information is displayed:

Malicious Files

Displays the date and time that the file was detected, malware name, source IP address, and destination IP address.

Click the malware name to view the related FortiGuard Encyclopedia page.

Suspicious Files

Displays the date and time that the file was detected, file type, rating, source IP address, destination IP address, and number of detection times, if available.

Total Jobs

The number of jobs displayed and the total number of jobs.

Threats by Devices - level 4

For more information about the malicious and suspicious files in the View Details pages, see Appendix B - Job Details page reference.

When a file has been rescanned, the results of the rescan are displayed on this page. Select the job ID to view the job details.

To create a snapshot report for all threats by devices:
  1. Select a time period from the first dropdown list.
  2. Select to apply search filters to further drill down the information in the report.
  3. Click the Export Data button in the toolbar. The Report Generator window opens.
  4. Select either PDF or CSV for the report type. Optionally, you can further define the report start/end date and time.
  5. Click the Generate Report button to create the report. You can wait until the report is ready to view, or navigate away and find the report later on the Log & Report > Report Center page.
  6. When the report generation is completed, select the Download button to save the file to your management computer.
  7. Click the Close icon or the Cancel button to quit the report generator.

The maximum number of events you can export to a PDF report is 1000. The maximum number of events you can export to a CSV report is 15000. Jobs over that limit are not included in the report.
