Fortinet black logo

User Guide

Incidents

Copy Link
Copy Doc ID 8d4237ec-c163-11ee-8c42-fa163e15d75b:837622
Download PDF

Incidents

Attack events are aggregated and then grouped into incidents by common characteristics. In this way, you can quickly find out which attack types occur frequently, the most malicious source IP addresses, etc.

By clicking the incident number, you will see the incident details including the attack type, the target application, source IPs, etc.

You can mark an incident as Acknowledged or False Positive, then the corresponding icons will display in the incident's Status column. Please note that marking Acknowledge or False Positive is only for your convenience to track the incidents. The system doesn't take this into account when it detects threats. You can also click the Comments link to add comments for the incident.

You can use predefined tags for Threat Analytics incidents. This helps in labeling incidents for future usage such as sorting, filtering and acknowledging incidents. It's supported to edit the tag name according to you needs.

Roll down to the bottom of the Incident Details page, you can use the Click to see details button to open the threat view page which categorizes the attacks by Attack Type, Countries, Hosts, etc.

Incidents

Attack events are aggregated and then grouped into incidents by common characteristics. In this way, you can quickly find out which attack types occur frequently, the most malicious source IP addresses, etc.

By clicking the incident number, you will see the incident details including the attack type, the target application, source IPs, etc.

You can mark an incident as Acknowledged or False Positive, then the corresponding icons will display in the incident's Status column. Please note that marking Acknowledge or False Positive is only for your convenience to track the incidents. The system doesn't take this into account when it detects threats. You can also click the Comments link to add comments for the incident.

You can use predefined tags for Threat Analytics incidents. This helps in labeling incidents for future usage such as sorting, filtering and acknowledging incidents. It's supported to edit the tag name according to you needs.

Roll down to the bottom of the Incident Details page, you can use the Click to see details button to open the threat view page which categorizes the attacks by Attack Type, Countries, Hosts, etc.