Category Archives: FortiSIEM

FortiSIEM Adding Widgets to Dashboards

Adding Widgets to Dashboards
  1. Navigate to the widget dashboard where you want to add the widget.
  2. At the bottom of the dashboard click Add Reports to Dashboard.
  3. For multi-tenant deployments, select the Organization that you want to have access to the report.
  4. Select a Category for the type of report you want to add.
  5. Under Available Reports, select the report you want to add, and then click the >> button to add it to the Selected Reports.
  6. Click OK.

To add CMDB Reports, select from the CMDB Reports folder in Step 5.

FortiSIEM Customizing Dashboards

Customizing Dashboards

FortiSIEM includes several dashboards for device types and IT functional areas, but you can also customize and create new dashboards and widgets.

Adding Custom Columns to Dashboards

Adding Widgets to Dashboards

Creating a Customized Dashboard

Setting a Dashboard to Home

Adding Custom Columns to Dashboards

You may want to add custom columns based on event attributes to a Summary dashboard. This topic explains how to create a custom set of columns using the example of a hardware temperature readout, and then add them to a dashboard.

Prerequisites

Procedure

Prerequisites

Read the topic How Values in Dashboard Columns are Derived

Procedure

  1. Find the event that contains the attribute you want to use.

In this case, you want to create a hardware temperature reading. The event PH_DEV_MON_HW_TEMP contains the attribute envTempDegC.

  2. Go to Admin > Device Support > Dashboard Columns.
  3. Click New.
  4. For Name, enter the display name for the new metric you want to collect. For this example, enter the name Temperature Reading.
  5. For Event Type, click the Edit icon and select the event you want to use.

For this example, select PH_DEV_MON_HW_TEMP.

  6. Click the + icon to add a column. As you complete each column, click OK, then click + to add more columns.

For each event type, you will typically create three columns: a Host column that contains IP information for associated hosts, an Object column that includes information about the object being reported on, and a Reading column that contains the metric you want to report on.

Note that you could create additional Reading columns for other attributes contained in your event.

Example settings by column type:

Column Type: Host
  Attributes: hostIpAddr
  Aggregator: N/A
  Display Name: N/A
  Format: N/A
  Trend Chart: N/A
  Type: Host

Column Type: Object
  Attributes: hwComponentName
  Aggregator: N/A
  Display Name: N/A
  Format: N/A
  Trend Chart: N/A
  Type: Object

Column Type: Reading
  Attributes: envTempDegC
  Aggregator: AVG|MAX
  Display Name: Temp
  Format: DegreeC
  Trend Chart: Health
  Type: Reading

  7. When you’re finished adding columns, click OK.

The new column you created will appear in Admin > Device Support > Dashboard Columns.

  8. Select your new column in the list, and then click Apply.
  9. To add your column to a dashboard, navigate to the dashboard.
  10. In the dashboard, click Select Columns.
  11. Under Event Types, select the event type you used to create the new column.

The columns associated with that event type will be listed under Columns, and the Attribute Name will list the attribute you used to create the column.

  12. Under Columns, select your column and use the >> button to move it into the Selected Columns.
  13. Use the up and down position buttons to place the column in the order where you want it to appear in the dashboard.
  14. Click OK.

Your new column will appear in the dashboard.

FortiSIEM Using the Analysis Menu

Using the Analysis Menu

The Analysis menu located in the Summary dashboards presents a number of options for gathering more information about items selected in the dashboard. You can also access the Analysis menu items by selecting a line in a summary dashboard, and hovering your mouse over the IP address of the device until the blue Analysis menu option appears.

Analysis Menu Options

Menu Option – Description

Quick Info – The Quick Info view of a device, which you can also access through the Analysis menu or hovering your mouse cursor over the Device IP column, displays General and Health information for the device, and when appropriate, Identity and Location information. It also contains links to additional information about the device:

  Incidents – An exportable summary of incidents associated with the device

  Health – Availability, Performance, and Security health information for the device. You can also access this information by clicking the Device Health user interface control, or by selecting Device Health in the Analysis menu.

  BizService – Any business services impacted by the device. You can also access this information by selecting Impacted Business Services in the Analysis menu.

  Applications – Displays a report on the top 10 applications associated with the device by Average CPU Utilization over the past hour

  Vulnerability and IP Status (Not used in the Dashboard view) – Displays the vulnerability status reports that are also available by selecting Vulnerability and IPS Status in the Analysis menu

  Hardware Health (Used only for the CMDB/Storage view) – Displays health information for the hardware being used for storage

  Interfaces – Displays a report on the top 10 interfaces associated with the device by average throughput

  Topology – Shows the device’s location in the network topology. You can also access this information by selecting Topology in the Analysis menu.

  The Quick Info view also contains two links, Goto Config Item, which links to the device entry in the CMDB, and Goto Identity, which links to Analytics > Identity and Location Report, where you can edit this information for the device.

Topology – Shows the device location within the network topology

Device Health – Availability, Performance, and Security health reports for the device. You can also access this information by selecting a device in the Summary dashboard, and then click Health, or by going to Quick Info > Health after selecting the device. If any Incidents are displayed, click the number to view the Incident Summary. Depending on the reported metric, you can zoom in for a closer look at graphs and reports by clicking the Magnifying Glass icon that appears when you hover your mouse cursor over them.

Incidents Summary – A summary of incidents associated with the device. Select an incident and then hover your mouse cursor over the Incident Name to open the View Incident Details option, which will load the selected incident into the Incident Dashboard. See the topics under Incidents – Flash version for more information about working with the Incident Dashboard. If you hover your mouse cursor over the Incident Target for an incident in the Incident Summary screen, you will see some additional options, including:

  Add to Watch List – add the incident target to a watch list. See Watch Lists for more information.

  Show Related Real Time Search – opens a real time search using the Host IP and Name for the incident target

  Show Related Historical Search – opens an historical search using the Host IP and Name for the incident target

Device Availability – Displays reports for Availability Trend Status, Ping Response Time, and Ping Packet Loss for the device over the past hour, and Device Uptime for the device over the past thirty minutes

Device Performance – Displays reports for Performance Health Trend, Avg Memory Utilization, Avg CPU Utilization, and Avg Disk Utilization over the past hour for the device

Interface Status – Displays reports for Interface Utilization Percentage, Interface Error Percentage, Interface Traffic, and Interface Error Count over the past hour for the device

Application Performance – Displays reports for Average Application CPU Utilization, Application CPU Utilization, Average Application Memory Utilization, and Application Memory Utilization over the past hour for the device

Event Status – Displays reports for Events per Second, Top Network Connections, Top Events by Severity, and Top TCP/UDP Ports over the past hour for the device

All Events by Group for the Last 10 Minutes – Opens an Historical Search for the selected device using these criteria

Traffic Status – Displays reports for All Permitted Traffic Sourced From or Destined to the selected device, and All Denied Traffic Sourced from or Destined to the selected device over the previous hour

Vulnerability and IPS Status – Displays reports for All Vulnerabilities for Last 1 Day and All Warning + Critical IPS Events for the device over the past 24 hours

Impacted Biz Services – Business services that contain the selected device

Real-time Events – Opens a Real-Time Search for the selected device

Historical Events for Last 5 Mins – Opens an historical search for all events associated with the device over the past five minutes

FortiSIEM How Values in Dashboard Columns are Derived

How Values in Dashboard Columns are Derived

The values in Summary dashboard columns are either derived from system information (for example, the IP address for a device), or are metrics associated with events and their attributes. This topic uses the example of the CPU Util column in many summary dashboards to explain the relationship between event attributes and display columns, and how values in those columns are calculated.

  1. Log in to your Supervisor node.
  2. Go to Dashboard > Device View > All Devices.
  3. Click Select Columns.

You will see a list of all the columns used in this dashboard under Selected Columns. Under Selected Columns you’ll see CPU Util, and next to it, in parentheses, you will see three event types listed, whose attributes are used to create this calculation: PH_DEV_MON_SYS_CPU_UTIL, PH_DEV_MON_EC2_METRIC, and PH_DEV_MON_CLARION_SP_UTIL. The metrics associated with these attributes are displayed in the CPU Util column, but how are metrics collected over time represented as a single value? To answer this question, you need to examine the column settings and Aggregation Method in the Device Support > Dashboard Columns page.

  4. Go to Admin > Device Support > Dashboard Columns.
  5. Find System CPU Utilization in the list of dashboard columns. CPU Util is part of the System CPU Utilization set of metrics.
  6. Each dashboard column has the same set of attributes:

Column Attribute: Name
  Description: The metric collected
  Value for System CPU Utilization: System CPU Utilization

Column Attribute: Event Type
  Description: The type of event that provides the attributes for the metric
  Value for System CPU Utilization:
    PH_DEV_MON_SYS_CPU_UTIL
    PH_DEV_MON_EC2_METRIC
    PH_DEV_MON_CLARION_SP_UTIL

Column Attribute: Column Name
  Description: The display name in the Summary dashboard for the metric
  Value for System CPU Utilization:
    CPU Name
    Storage Processor
    CPU Utilization
    Host IP Address – Most events include a Host IP address, however there is no Column Name for this metric as FortiSIEM generates the column name Device IP in relation to the metric.

Column Attribute: Column Attribute
  Description: The specific attribute used for each Column Name
  Value for System CPU Utilization:
    Device IP (system generated name) – hostIpAddr
    CPU Name – cpuName
    Storage Processor – spName
    CPU Util – cpuUtil

Column Attribute: Column Type
  Description: The type of information that will be displayed in the column for each attribute
  Value for System CPU Utilization:
    Device IP (system generated name) – hostIpAddr – Host
    CPU Name – cpuName – Object
    Storage Processor – spName – Object
    CPU Util – cpuUtil – Reading

Column Attribute: Aggregator
  Description: For readings, the mathematical aggregator that will be used to calculate the metric. Options are: AVG, SUM, MAX, MIN, LAST. Using a pipe | between two operators indicates that the first operation should be aggregated over time, and the second over the object.
  Value for System CPU Utilization: CPU Util – cpuUtil – Reading – AVG|AVG

With this information, you can see that the CPU Util metric is derived from the cpuUtil attribute of the PH_DEV_MON_SYS_CPU_UTIL event, and that the display column is a reading that uses the calculation Average over time and then Average over the object being reported on. Now apply this to the event reports for a host with two CPUs, and you can see how the calculation works.

This output shows two samples of cpuUtil taken over three minutes for each CPU running on the host 192.168.0.40. According to the Aggregator for this column, FortiSIEM should first average the samples over time for each CPU, and then average those together to derive the metric for the host. The average for the CPU 1 is 3.000000, and the average for CPU 2 is 30.000000. These values are combined and averaged again to get the overall metric for the host, which is 16.500000.
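The two-stage calculation described above, as an added Python example that is not FortiSIEM code. The sample events are constructed to reproduce the averages quoted in the text (the individual readings and the `ts` field are assumptions), and a second constructed host shows why aggregating over time first gives a different result from pooling all samples.

```python
from collections import defaultdict

# The five aggregators the page lists for Reading columns.
AGGREGATORS = {
    "AVG": lambda values: sum(values) / len(values),
    "SUM": sum,
    "MAX": max,
    "MIN": min,
    "LAST": lambda values: values[-1],  # values are kept in time order
}


def parse_aggregator(spec):
    """Split a piped spec such as 'AVG|MAX' into (over_time, over_object)."""
    parts = spec.split("|")
    if len(parts) != 2 or any(p not in AGGREGATORS for p in parts):
        # Only the two-operator form is described on the page.
        raise ValueError(f"expected '<over time>|<over object>', got {spec!r}")
    return AGGREGATORS[parts[0]], AGGREGATORS[parts[1]]


def derive_column(events, object_attr, reading_attr, spec):
    """Return {host: (column_value, {object: value_over_time})}."""
    over_time, over_object = parse_aggregator(spec)
    series = defaultdict(lambda: defaultdict(list))
    # "ts" is a hypothetical timestamp field used only to order samples.
    for ev in sorted(events, key=lambda e: e["ts"]):
        if reading_attr in ev:
            series[ev["hostIpAddr"]][ev[object_attr]].append(float(ev[reading_attr]))
    result = {}
    for host, objects in series.items():
        # Stage 1: collapse each object's samples over time.
        per_object = {obj: over_time(vals) for obj, vals in objects.items()}
        # Stage 2: collapse the per-object values into one value for the host.
        result[host] = (over_object(list(per_object.values())), per_object)
    return result


def pooled_average(events, host, reading_attr):
    """Single-stage average over every sample, for comparison only."""
    vals = [e[reading_attr] for e in events if e["hostIpAddr"] == host]
    return sum(vals) / len(vals)


# Constructed sample events (not captured from a real deployment).
SAMPLE_EVENTS = [
    {"ts": 0, "hostIpAddr": "192.168.0.40", "cpuName": "CPU 1", "cpuUtil": 2.0},
    {"ts": 0, "hostIpAddr": "192.168.0.40", "cpuName": "CPU 2", "cpuUtil": 25.0},
    {"ts": 180, "hostIpAddr": "192.168.0.40", "cpuName": "CPU 1", "cpuUtil": 4.0},
    {"ts": 180, "hostIpAddr": "192.168.0.40", "cpuName": "CPU 2", "cpuUtil": 35.0},
    # Second host: CPU 1 reported three samples, CPU 2 only one.
    {"ts": 0, "hostIpAddr": "192.168.0.41", "cpuName": "CPU 1", "cpuUtil": 10.0},
    {"ts": 60, "hostIpAddr": "192.168.0.41", "cpuName": "CPU 1", "cpuUtil": 10.0},
    {"ts": 120, "hostIpAddr": "192.168.0.41", "cpuName": "CPU 1", "cpuUtil": 10.0},
    {"ts": 120, "hostIpAddr": "192.168.0.41", "cpuName": "CPU 2", "cpuUtil": 50.0},
]

if __name__ == "__main__":
    for spec in ("AVG|AVG", "AVG|MAX", "LAST|SUM"):
        for host, (value, detail) in derive_column(
            SAMPLE_EVENTS, "cpuName", "cpuUtil", spec
        ).items():
            print(f"{spec:9} {host}  {value:10.6f}  {detail}")
```

With AVG|AVG a busy object that reports few samples is not diluted by a quiet object that reports many, which matters when the column is used to spot a single saturated CPU or an overheating component.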

FortiSIEM Network Topology View of Devices

Network Topology View of Devices

FortiSIEM provides two ways to view the topology of your IT infrastructure, one at the CMDB level that shows all devices, and another at the level of device groups and individual devices.

How is Network Topology Discovered and Visualized?

CMDB All Devices View

CMDB All Devices User Interface Controls

Device Group and Device View

Device Group and Device View User Interface Controls

Viewing Device Information in the Topological Map

How is Network Topology Discovered and Visualized?

FortiSIEM discovers network topology at two levels, layer 3 and layer 2. Layer 3 connectivity involves IP addresses, while Layer 2 connectivity

The layer 3 topology is discovered by obtaining network interface IP addresses and masks for all devices via SNMP (RFC 1213). Local networks, for example loopback (127.0.0.0/8) and link-local addresses (169.254.0.0/16), are filtered out and the distinct network segments are identified.

A layer 3 topology is visualized on the FortiSIEM Topology map by:

Drawing network segments and devices as nodes, and

Drawing line segments from the network segment nodes to every device node that has an interface with an IP address in that network segment.

The devices are represented by vendor specific icons and the network nodes are represented by a line and labeled as “Net-<net>/<maskbits>”. For visual clarity:

Only the network devices are drawn by default. A network device is one that belongs to row Network Device tab in the CMDB.

Only those networks are drawn that have devices discovered by FortiSIEM (and are in CMDB). There is a “+” button next to those networks. Clicking on the “+” button displays those hosts in the topology graph. Clicking on the “-” button hides those hosts.
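The layer 3 derivation described above, as an added Python example that is not FortiSIEM code: it takes interface address and mask pairs of the kind read from each device, drops the loopback and link-local ranges, and builds the “Net-<net>/<maskbits>” nodes and their edges. The device names and addresses are constructed, and `multi_homed` is a hypothetical helper for listing devices that join more than one segment.

```python
import ipaddress

# Ranges the text says are filtered out before segments are identified.
FILTERED = [
    ipaddress.ip_network("127.0.0.0/8"),     # loopback
    ipaddress.ip_network("169.254.0.0/16"),  # link-local
]


def build_l3_topology(interfaces):
    """Build segment nodes and edges from (device, ip, mask) tuples.

    Returns (segments, edges): segments maps a "Net-<net>/<maskbits>" label
    to the set of devices with an interface in that network, and edges is
    the sorted list of (segment_label, device) lines to draw.
    """
    segments = {}
    for device, ip, mask in interfaces:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        if any(iface.ip in net for net in FILTERED):
            continue
        net = iface.network
        label = f"Net-{net.network_address}/{net.prefixlen}"
        segments.setdefault(label, set()).add(device)
    edges = sorted(
        (label, device) for label, devices in segments.items() for device in devices
    )
    return segments, edges


def multi_homed(segments):
    """Devices attached to more than one segment (hypothetical helper)."""
    counts = {}
    for devices in segments.values():
        for device in devices:
            counts[device] = counts.get(device, 0) + 1
    return sorted(d for d, n in counts.items() if n > 1)


# Constructed interface table (device, IP address, mask).
SAMPLE_INTERFACES = [
    ("rtr1", "10.1.1.1", "255.255.255.0"),
    ("rtr1", "10.1.2.1", "255.255.255.0"),
    ("rtr1", "127.0.0.1", "255.0.0.0"),
    ("sw1", "10.1.1.2", "255.255.255.0"),
    ("fw1", "10.1.2.254", "255.255.255.0"),
    ("fw1", "192.168.50.1", "255.255.255.252"),
    ("fw1", "169.254.10.5", "255.255.0.0"),
]

if __name__ == "__main__":
    segs, lines = build_l3_topology(SAMPLE_INTERFACES)
    for label, device in lines:
        print(f"{label} -- {device}")
    print("joins multiple segments:", multi_homed(segs))
```

Comparing the multi-homed list against the devices that are expected to route between segments is a quick review step when reading the map.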

When an enterprise network has Layer 2 switches and hubs, a layer 3 topology misses the connectivity between servers to layer 2 switches and the trunk port connectivity between layer 2/3 switches. Layer 2 discovery is difficult and, more importantly, vendor dependent as vendors have different implementations of the Spanning Tree Protocol (STP).

For Cisco switches, the layer 2 topology is obtained via SNMP (IEEE spanning tree MIB as found in RFC 1493 and CISCO-VTP-MIB) as follows:

For every switch:

  1. Identify all active VLANs on that switch.
  2. For every active VLAN:
     a. Get MAC forwarding table
     b. Get STP table to identify trunk ports and directly connected trunk port on adjacent switches

The MAC forwarding table obtained in Step 2a provides the server to switch port connectivity (after eliminating the trunk port entries obtained in step 2b). The trunk port connectivity between switch ports is directly obtained from Step 2b.
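The elimination step described above, as an added Python example that is not FortiSIEM code: per-VLAN MAC forwarding entries are kept as host-to-port connectivity only when the port was not identified as a trunk in the STP data, and trunk links are collected with the VLANs they carry. The input layout, names and MAC addresses are constructed, and treating a port as a trunk for every VLAN once any VLAN reports it as one is an assumption of this sketch.

```python
def build_l2_topology(vlans):
    """Derive host-port and trunk connectivity for one switch.

    vlans maps a VLAN id to a dict with:
      "mac_table":  list of (mac, port) forwarding entries   (step 2a)
      "stp_trunks": {port: (neighbor_switch, neighbor_port)} (step 2b)
    Returns (host_ports, trunk_links, port_mapping).
    """
    # Pass 1: collect trunk ports and the VLANs seen on each trunk link.
    trunk_ports = set()
    trunk_links = {}
    for vlan_id, data in vlans.items():
        for port, neighbor in data["stp_trunks"].items():
            trunk_ports.add(port)
            trunk_links.setdefault((port, neighbor), set()).add(vlan_id)

    # Pass 2: a MAC learned on a trunk port belongs to a host behind the
    # adjacent switch, so only non-trunk entries are local host ports.
    host_ports = []
    port_mapping = {}
    for vlan_id in sorted(vlans):
        for mac, port in vlans[vlan_id]["mac_table"]:
            if port in trunk_ports:
                continue
            host_ports.append((vlan_id, mac, port))
            port_mapping.setdefault(port, []).append((vlan_id, mac))
    return host_ports, trunk_links, port_mapping


# Constructed data for one switch with two active VLANs.
SAMPLE_VLANS = {
    10: {
        "mac_table": [
            ("00:00:5e:00:53:01", "Gi0/1"),
            ("00:00:5e:00:53:02", "Gi0/2"),
            ("00:00:5e:00:53:aa", "Gi0/24"),  # learned across the trunk
        ],
        "stp_trunks": {"Gi0/24": ("sw2", "Gi0/1")},
    },
    20: {
        "mac_table": [
            ("00:00:5e:00:53:03", "Gi0/3"),
            ("00:00:5e:00:53:bb", "Gi0/24"),  # learned across the trunk
        ],
        "stp_trunks": {"Gi0/24": ("sw2", "Gi0/1")},
    },
}

if __name__ == "__main__":
    hosts, trunks, mapping = build_l2_topology(SAMPLE_VLANS)
    for vlan_id, mac, port in hosts:
        print(f"VLAN {vlan_id}: {mac} on {port}")
    for (port, neighbor), carried in trunks.items():
        print(f"trunk {port} -> {neighbor[0]} {neighbor[1]} VLANs {sorted(carried)}")
```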

The Layer 2 topology is visualized on the FortiSIEM topology diagram by choosing the layer 2 mode. Then by clicking the “+” next to a device, the VLANs on that switch are displayed. Also, the trunk port connectivity is shown in an orange color and a tool tip provides the VLANs over this trunk link.

Then by clicking on the “+” of a VLAN, the hosts belonging to that VLAN and also the switch ports they connect to are displayed.

The host to switch port connectivity can also be seen in a tabular form by first clicking the switch and then clicking the “Port Mapping Table”.

CMDB All Devices View

This screenshot shows the CMDB tab selected, and in the Device View, Topology is selected. This topology map shows all the devices for the selected organization, and provides controls for editing the topology views that will be available to users from that organization.

CMDB All Devices User Interface Controls

UI Control – Description

Zoom – Use the slider to increase or decrease the zoom level of the map

Organizations Filter – For multi-tenant deployments, filter devices based on the organization they belong to

View – Select the layers, connection types, and number of hops from the host to display in the map

Search – Search for specific devices based on name, IP, or Business Service

View Options – Set the display options, including severity levels, for the map

Layout Options – Set the type of topological map to display, as well as the length of links between devices

Save and Update:

  Refresh – When you make a change to the map settings, click Refresh to see them reflected in the map

  Save – Save your Layout and View Options to use them in other topographical maps associated with this organization

  Sync – If you make changes to your infrastructure or add devices to the CMDB, click Sync to see them reflected in the map

Device Group and Device View

You can access the device group view of the topological map by selecting a group of devices in the Device View, and then clicking the Topo button in the Summary pane. Select an individual device, and then click the Topo button in the Details pane to view that device within the topological map.

Device Group and Device View User Interface Controls

UI Control – Description

Zoom – Use the slider to increase or decrease the zoom level of the map

View Controls – Click on the arrow icon in the upper-right corner of the map to open these controls. Options to enable/disable node dragging, incident display, connection layer display, and the number of hops from the host to display.

Map Explorer – Click on the arrow icon in the lower-right corner of the map to open the Map Explorer. As you zoom into the map, the map explorer will show you the area that you are currently viewing. You can move to another area by clicking and dragging the highlighted section of the map explorer to that area.

Viewing Device Information in the Topological Map

Devices within the topological map have additional icons to represent information about the device.

Icon Name – Description

Show Connected Hosts – If a device has a green + icon in the topographic map, you can click on that icon to see hosts that are connected to that device

Show Incident Details – Incidents for a device are displayed as a number in a circle to the right of the device icon, with the color of the circle (red, yellow, green) indicating the severity of the incidents. Click the number to view the Incident Summary for the device, and then click on an individual incident to view the Incident Details in the List View of Incidents. In the Incident Summary you can also view and apply a subset of options from the Analysis Menu by hovering your mouse cursor over the Incident Source or Incident Target entries for the incident.

Show Device Details – Click on the name of the device to view details about it. The kind of information displayed will depend on the type of device you select.

FortiSIEM Widget Dashboard User Interface Overview

Widget Dashboard User Interface Overview

Widget dashboards are best for viewing aggregated metrics based on historical search, which are generally presented in the form of a graph or chart. From the widget view of information, you can drill down to view and modify the underlying historical search. Examples of widget dashboards include Availability/Performance > Avail/Perf Widgets, the Security Dashboard, BizService Dashboard > Avail/Perf Widgets and Security Widgets, and all the dashboards listed under Dashboards by Function.

This screenshot shows an edited view of the Availability/Performance > Avail/Perf Widgets dashboard. It contains all the standard user interface controls found in widget dashboards.

This screenshot shows the Event Info menu that you open by hovering your mouse cursor over an event within a widget until the menu icon appears.

Widget Dashboard UI Controls

UI Control – Description

Resize – You can resize the widget by clicking on this control, and then indicating how many tile spaces you want that widget to use in the dashboard

Drill Down – Hover your mouse cursor over the right upper corner of the widget to access this control. Select a line displayed in the widget to drill down to the historical search associated with that metric. You can then run or modify the search. See Refining the Results from Historical Search for more information. This is the same functionality as the Drill Down option in the Event Info menu.

Edit Settings – Hover your mouse cursor over the right upper corner of the widget to access this control. Edit the settings associated with the widget. These include:

  Title – the title of the report

  Description – a summary description of the report

  Condition – filters within the report. Look up the report in CMDB > CMDB Reports to view the filter conditions it uses.

  Display – select the type of chart you would like the widget to display

  Time – the time interval to use in gathering data

  Refresh Interval – how often the data should be refreshed

  Result Limit – how many results should be included in the report

  Run report for – for multi-tenant deployments, select the organization that the widget should report on

Remove – Hover your mouse cursor over the right upper corner of the widget to access this control. Click this control to remove the widget from the dashboard

Event Info – Hover your mouse cursor over a line in a report to view the Quick Info for the associated Event Type, or select Drill Down to view, edit, and run the associated historical search. See Refining the Results from Historical Search for more information.

Add Report – At the bottom of each widget dashboard is a button to add more widgets to the dashboard.

Related Links

Refining the Results from Historical Search

 

FortiSIEM Dashboard Overview

Dashboard Overview

FortiSIEM includes two types of component dashboards: General, which are used to monitor IT infrastructure components, and VM View, which focus specifically on information about virtual machines in your infrastructure. These two types of component dashboards also include two types of dashboards for collecting different types of information:

Summary dashboards that provide single-line entries for IT infrastructure components based on their system status (Critical, Critical + Warning, All) in operational time

Widget-based dashboards that provide metrics and analytics for functional areas using historical data

In addition to the summary and widget-based dashboards, FortiSIEM also includes a specialized Incident dashboard, with features that are detailed in the Incidents – Flash version section.

Topics in this section provide an overview of the Summary and Widget dashboards, as well as how to use the Analysis menu to gain more information about your IT infrastructure components.

Summary Dashboard User Interface Overview

VM Dashboard User Interface Overview

Widget Dashboard User Interface Overview

Network Topology View of Devices

How Values in Dashboard Columns are Derived

Using the Analysis Menu

 

Summary Dashboard User Interface Overview

Dashboard Overview

Summary Dashboard UI Controls

Dashboard Overview

Summary dashboards are best used for gathering information about individual infrastructure components in operational time. Summary dashboards include the Exec Summary dashboard, and all the dashboards in the Summary Dashboards and Availability/Performance folders of the Dashboards > General pane. In the Dashboards > VM View pane, summary dashboards include the ESX Host Type dashboards (All ESX Hosts and Standalone ESX Hosts, for example). Metrics for these dashboards are displayed either on a real-time basis, or as an average of ten minute intervals.

This screenshot shows an example of a Biz Service Summary dashboard for a multi-tenant deployment. It contains all the standard user interface controls found in summary dashboards, though some additional UI controls are found in other summary dashboards as described in the table Columnar Dashboard UI Controls. Selecting a business service in the top pane loads all the components associated with that service into the panes below.

Summary Dashboard UI Controls

UI Control – Description

Status Filter – Filters the view of the components based on component status: Critical, Critical + Warning, All

Organizations Filter – For multi-tenant deployments, filter components based on the organization they belong to

Service Info – For the Business Services summary dashboard, shows the Quick Info for the business service. For other components, an Info link is provided in the same location in the UI.

Analysis Menu – The Analysis menu contains a number of options for component analytics, depending on the component selected. See Using the Analysis Menu for more information. You can also access the Analysis menu for a component by hovering your mouse over the component’s Device IP menu until the blue Quick Info icon appears, and then clicking the icon.

Customize Columns – The Custom Columns control lets you change the columns that are displayed in the dashboard. See Adding Custom Columns to Dashboards for more information.

Performance Summaries – Most columns contain a summary or trend view of their display information. Hover your mouse over the metric until a trend line icon appears, and then click to view the summary or trend information. Note that many of these summary pop-ups have their own navigational controls, for example to set the time interval for the summary.

Incident Summary – The incident summary shows the number and type of incidents associated with the component. Hover over the number to view a quick summary of the incidents, or click on the incident number to view incident details.

Quick Info – The Quick Info view of a device, which you can also access through the Analysis menu or hovering your mouse cursor over the Device IP column, displays General and Health information for the device, and when appropriate, Identity and Location information. It also contains links to additional information about the device:

  Incidents – An exportable summary of incidents associated with the device

  Health – Availability, Performance, and Security health information for the device. You can also access this information by clicking the Device Health user interface control, or by selecting Device Health in the Analysis menu.

  BizService – Any business services impacted by the device. You can also access this information by selecting Impacted Business Services in the Analysis menu.

  Applications – Displays a report on the top 10 applications associated with the device by Average CPU Utilization over the past hour

  Vulnerability and IP Status (Not used in the Dashboard view) – Displays the vulnerability status reports that are also available by selecting Vulnerability and IPS Status in the Analysis menu

  Hardware Health (Used only for the CMDB/Storage view) – Displays health information for the hardware being used for storage

  Interfaces – Displays a report on the top 10 interfaces associated with the device by average throughput

  Topology – Shows the device’s location in the network topology. You can also access this information by selecting Topology in the Analysis menu.

  The Quick Info view also contains two links, Goto Config Item, which links to the device entry in the CMDB, and Goto Identity, which links to Analytics > Identity and Location Report, where you can edit this information for the device.

Component Health – Availability, Performance, and Security health reports for the device. You can also access this information by selecting a device in the Summary dashboard, and then click Health, or by going to Quick Info > Health after selecting the device. If any Incidents are displayed, click the number to view the Incident Summary. Depending on the reported metric, you can zoom in for a closer look at graphs and reports by clicking the Magnifying Glass icon that appears when you hover your mouse cursor over them.

Location Selection – Filters components by their geographic locations. See Setting Device Location Information for more information.

Time View and Refresh Interval – The Time View lets you choose whether to view Real Time or Average-10 mins metrics for your component, and the interval at which you want them to refresh.

VM Dashboard User Interface Overview

The Dashboard > VM View provides a complete overview of your virtual infrastructure, including Data Centers, Standalone ESX Hosts, Resource Pools, Clusters, ESXs, and VMs. Over 400 VMs can be discovered, and their metrics pulled via VCenter in under three minutes during initial discovery. As you navigate the Virtual Infrastructure hierarchy, you will see Summary dashboards similar to those in the General > Dashboard view for VM Clusters, All ESX Hosts, and Standalone ESX Hosts, while widget dashboards that provide performance metrics for CPU Utilization, Memory, Network Interface, Disk I/O and Data Store Utilization are available at the level of VM, ESX, Resource Pool and Cluster.

VM Summary Dashboards Overview

UI Controls for Virtual Infrastructure Summary Dashboards

The ESX Hosts View

The ESX and VM View

VM Summary Dashboards Overview

This screenshot shows the All ESX Hosts summary dashboard, which includes a summary pane for All ESXs at the top, and a summary pane for individual VM instances for selected ESXs at the bottom. The user interface controls for the Virtual Infrastructure summary dashboards are very similar to those in the General summary dashboards.

UI Controls for Virtual Infrastructure Summary Dashboards

UI Control – Description

Organizations Filter – For multi-tenant deployments, filter components based on the organization they belong to

Quick Info – The Quick Info view of a device, which you can also access through the Analysis menu or hovering your mouse cursor over the Device IP column, displays General and Health information for the device, and when appropriate, Identity and Location information. It also contains links to additional information about the device:

  Incidents – An exportable summary of incidents associated with the device

  Health – Availability, Performance, and Security health information for the device. You can also access this information by clicking the Device Health user interface control, or by selecting Device Health in the Analysis menu.

  BizService – Any business services impacted by the device. You can also access this information by selecting Impacted Business Services in the Analysis menu.

  Applications – Displays a report on the top 10 applications associated with the device by Average CPU Utilization over the past hour

  Vulnerability and IP Status (Not used in the Dashboard view) – Displays the vulnerability status reports that are also available by selecting Vulnerability and IPS Status in the Analysis menu

  Hardware Health (Used only for the CMDB/Storage view) – Displays health information for the hardware being used for storage

  Interfaces – Displays a report on the top 10 interfaces associated with the device by average throughput

  Topology – Shows the device’s location in the network topology. You can also access this information by selecting Topology in the Analysis menu.

  The Quick Info view also contains two links, Goto Config Item, which links to the device entry in the CMDB, and Goto Identity, which links to Analytics > Identity and Location Report, where you can edit this information for the device.

Device Health – Availability, Performance, and Security health reports for the device. You can also access this information by selecting a device in the Summary dashboard, and then click Health, or by going to Quick Info > Health after selecting the device. If any Incidents are displayed, click the number to view the Incident Summary. Depending on the reported metric, you can zoom in for a closer look at graphs and reports by clicking the Magnifying Glass icon that appears when you hover your mouse cursor over them.

Analysis Menu – The Analysis menu contains a number of options for component analytics, depending on the component selected. See Using the Analysis Menu for more information. You can also access the Analysis menu for a component by hovering your mouse over the component’s Device IP menu until the blue Quick Info icon appears, and then clicking the icon.

Locations – Filters components by their geographic locations. See Setting Device Location Information for more information.

Customize Columns – The Custom Columns control lets you change the columns that are displayed in the dashboard. See Adding Custom Columns to Dashboards for more information.

The ESX Hosts View

When you select an individual ESX Host in the Virtual Infrastructure hierarchy, the ESX Health tab will be selected and you will see a widget dashboard with reports for ESX Statistics, Active Incidents, Performance Metrics, Memory Utilization, and Disk Rate. Additional tabs are VM Summary and Top VMs.

Tab Name – Description

ESX Health – A widget dashboard with reports for ESX Statistics, Active Incidents, Performance Metrics, Memory Utilization, and Disk Rate

VM Summary – A summary dashboard for VMs on the ESX host.

Top VMs – A widget dashboard with reports for Top VMs by CPU Utilization, Top VMs by Memory Utilization, Top VMs by Disk Write Request Rates, Top VMs by CPU Ready Percentage, and Top VMs by Disk Read Request Rate, all updated hourly

The ESX and VM View

When you select an ESX or VM in the Virtual Infrastructure hierarchy, you will see a widget dashboard that contains reports for VM Statistics, Active Incidents, and Performance Metrics.

Monitoring Operations with FortiSIEM

Monitoring Operations with FortiSIEM

Dashboards – Flash version

FortiSIEM includes several different types of dashboards and views to monitor your IT infrastructure. Topics in this section provide an overview of the General and VM View dashboards available in the Dashboard tab, along with their user interface controls and customization options.

Dashboard Overview

Summary Dashboard User Interface Overview

VM Dashboard User Interface Overview

Widget Dashboard User Interface Overview

Network Topology View of Devices

How Values in Dashboard Columns are Derived

Using the Analysis Menu

Customizing Dashboards

Adding Custom Columns to Dashboards

Adding Widgets to Dashboards

Creating a Customized Dashboard

Setting a Dashboard to Home

Creating Dashboard Slideshow

Exporting and Importing Dashboards

Link Usage Dashboard