Help
FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
dmeeker
Staff
Staff

Created on ‎10-03-2022 11:54 AM

Article Id 225541

Technical Tip: How to use the FortiEDR dashboard

Description

This article describes the different panes of the dashboard and how it can be used to better utilize FortiEDR.
Scope 5.0.3+
Solution

Security Events:

 

dmeeker_0-1664821772605.png

 

1) Switch between Device View and Process View.


2) Shows the different categories (Likely Safe, PUP, Inconclusive, Suspicious, Malicious)
Selecting different categories will bring up event viewer and shows the corresponding processes or devices associated with those events.

 

Communication Control:

 

dmeeker_1-1664821772606.png

 

This section shows unhanded applications in the system.

Communication control shows the categories such as unknown and unsigned vendors, critical vulnerabilities and low reputation.

Selecting the different categories will bring user to the communication control section based on the vulnerability.

 

Collectors:

 

dmeeker_2-1664821772607.png

 

The collectors section shows the status of the collectors and users can view them by version and operating system as well.

 

1) Selecting the drop down menu user can change the view to general, Version and Operating System.
General view will just show the status of the collectors.
View by Version will sort the collectors the collector version (e.g 5.0.3.912, 5.0.3.559). The status will be combined into one column and will look as follows:

 

dmeeker_3-1664821772608.png


View by Operating System will sort the collectors by the OS.

The collectors will be sorted by Windows, Windows Server, macOS and Linux.

The status will be combined into one column similar to the above picture; however, it will show the Operating System instead of version number.

 

2) The status of the collectors are arranged by colors.
Green – Running – This means that the collector is up and working as expected.
Yellow – Degraded – The collector is prevented from performing to its full capacity. (for example, due to lack of resources on the device on which it is installed or compatibility issues)
Red – Disconnected – The device is offline, powered down or is not connected to the FortiEDR Aggregator.
Gold – Pending Reboot – The collector is ready to run after this device is rebooted.
Silver – Disabled – The collector is disabled in the FortiEDR Central Manager.

 

3) This shows the number of collectors and the status of them based off of the drop down selected.  

 

Most Targeted:

 

dmeeker_4-1664821772609.png

 

This section of the dashboard will show the most targeted machines (by device) or the number of events by process view.

The categories users will see here are malicious, Suspicious, PUP, inconclusive and Likely Safe

One can select the bars in the graph and it will take users to the events to set exceptions for ones that is seen here in bulk


External Destinations:

 

dmeeker_5-1664821772610.png

 

This pane shows the external destinations. Drop-down menu can be changed to month, week or day.

One can also select the location and it will bring users to the event viewer.

System Components

 

dmeeker_6-1664821772612.png

 

The quickest way to tell if all the system components are running. Green is up and running, yellow is degraded and red is disconnected.
Labels:
555
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.