FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
Luke_FTNT
Staff
Article Id 255042
Description
This article provides additional information about the executive summary report and offers answers to common questions.
Scope
FortiEDR's executive summary report feature and security events.
Solution

FortiEDR offers an executive summary report designed to condense an overview of events based on a specified time range into a single PDF file. See the administration guide here for more information: https://docs.fortinet.com/document/fortiedr/5.2.0/administration-guide/137168/executive-summary-repo....

 

The executive summary report may raise questions because it presents slightly different information for security events than the event viewer page does. The following three points address common questions:

 

1) The executive summary report includes only security events which were classified as Malicious, Suspicious, PUP, Inconclusive and Likely Safe. This means security events which were classified as Safe are intentionally omitted from the executive summary report, as they are of low importance.

 

2) The executive summary report uses the ‘Last seen’ time of a security event. This means that an executive summary report generated for the third week of April, for example, will only include events which were triggered and last seen within that week.

 

3) The executive summary report will include figures for each respective classification type as outlined in the screenshot below:

 

Executive-Summary-Generated-Events-Example.png

 

In order to view these events in the event viewer, specify the parameters as follows in advanced search:

 

- The ‘Last seen’ time ‘From’ and ‘To’ range must align with the dates specified when creating the Executive Summary report.

- The ‘Classification’ type(s).

- Ensure ‘Include Archived Events’ is checked.

 

It is important to note that each entry listed in Process view may contain more than one event. For example, the screenshot below shows one process ('winPEASany.exe') listed with three events:

 

event-viewer-sample-process-view.png
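
The advanced search parameters and the Process view grouping described above, expressed as a small Python filter for reconciling counts. This is an added example, not Fortinet code; the record fields (`process`, `classification`, `last_seen`, `archived`), the sample events and the inclusive date range are constructed assumptions and do not represent a FortiEDR export format.

```python
from collections import Counter
from datetime import datetime

# Classifications the article says the report includes; 'Safe' is omitted.
REPORTED = {"Malicious", "Suspicious", "PUP", "Inconclusive", "Likely Safe"}

def report_scope(events, start, end, include_archived=True):
    """Events matching the advanced-search parameters listed in the article."""
    return [
        e for e in events
        if e["classification"] in REPORTED
        and start <= e["last_seen"] <= end          # 'Last seen' From/To (assumed inclusive)
        and (include_archived or not e["archived"])  # 'Include Archived Events'
    ]

def summarize(events, start, end, include_archived=True):
    """Return (events per classification, events per process) for the range."""
    scoped = report_scope(events, start, end, include_archived)
    by_class = Counter(e["classification"] for e in scoped)
    by_process = Counter(e["process"] for e in scoped)
    return by_class, by_process

def ev(eid, process, classification, last_seen, archived=False):
    """Build one constructed event record (hypothetical field names)."""
    return {"id": eid, "process": process, "classification": classification,
            "last_seen": datetime.fromisoformat(last_seen), "archived": archived}

# Constructed sample records, not real FortiEDR data.
SAMPLE = [
    ev(101, "winPEASany.exe", "Malicious", "2023-04-17T09:12:00"),
    ev(102, "winPEASany.exe", "Malicious", "2023-04-18T14:30:00", archived=True),
    ev(103, "winPEASany.exe", "Suspicious", "2023-04-20T08:05:00"),
    ev(104, "updater.exe", "Safe", "2023-04-19T11:00:00"),   # dropped: Safe
    ev(105, "toolbar.exe", "PUP", "2023-04-25T16:45:00"),    # dropped: outside range
    ev(106, "setup.exe", "Likely Safe", "2023-04-21T10:20:00"),
]
WEEK = (datetime(2023, 4, 17), datetime(2023, 4, 23, 23, 59, 59))

if __name__ == "__main__":
    by_class, by_process = summarize(SAMPLE, *WEEK)
    print("Events per classification:", dict(by_class))
    print("Process view rows:", len(by_process), "| events:", sum(by_process.values()))
    hidden = summarize(SAMPLE, *WEEK, include_archived=False)[0]
    print("Without archived events:", dict(hidden))
```

With the sample data, two Process view rows account for four events, and leaving archived events out lowers the Malicious count by one, which are the two mismatches most likely to appear when comparing the event viewer with the report.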
