FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
Article Id 225541

This article describes the different panes of the dashboard and how it can be used to better utilize FortiEDR.

Scope 5.0.3+

Security Events:




1) Switch between Device View and Process View.

2) Shows the different categories (Likely Safe, PUP, Inconclusive, Suspicious, Malicious)
Selecting different categories will bring up event viewer and shows the corresponding processes or devices associated with those events.


Communication Control:




This section shows unhanded applications in the system.

Communication control shows the categories such as unknown and unsigned vendors, critical vulnerabilities and low reputation.

Selecting the different categories will bring user to the communication control section based on the vulnerability.






The collectors section shows the status of the collectors and users can view them by version and operating system as well.


1) Selecting the drop down menu user can change the view to general, Version and Operating System.
General view will just show the status of the collectors.
View by Version will sort the collectors the collector version (e.g, The status will be combined into one column and will look as follows:



View by Operating System will sort the collectors by the OS.

The collectors will be sorted by Windows, Windows Server, macOS and Linux.

The status will be combined into one column similar to the above picture; however, it will show the Operating System instead of version number.


2) The status of the collectors are arranged by colors.
Green – Running – This means that the collector is up and working as expected.
Yellow – Degraded – The collector is prevented from performing to its full capacity. (for example, due to lack of resources on the device on which it is installed or compatibility issues)
Red – Disconnected – The device is offline, powered down or is not connected to the FortiEDR Aggregator.
Gold – Pending Reboot – The collector is ready to run after this device is rebooted.
Silver – Disabled – The collector is disabled in the FortiEDR Central Manager.


3) This shows the number of collectors and the status of them based off of the drop down selected.  


Most Targeted:




This section of the dashboard will show the most targeted machines (by device) or the number of events by process view.

The categories users will see here are malicious, Suspicious, PUP, inconclusive and Likely Safe

One can select the bars in the graph and it will take users to the events to set exceptions for ones that is seen here in bulk

External Destinations:




This pane shows the external destinations. Drop-down menu can be changed to month, week or day.

One can also select the location and it will bring users to the event viewer.

System Components




The quickest way to tell if all the system components are running. Green is up and running, yellow is degraded and red is disconnected.