Analytics Settings

The following section describes the procedures for Analytics settings:

Scheduling Report Alerts

You can schedule reports to run and send email notifications to specific individuals. This setting is for default email notifications that will be sent when any scheduled report is generated.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Select the required action under the Scheduled Report Alerts section.
    • Do not send scheduled emails if report is empty - Sometimes a report may be empty because there are no matching events. If you don't want to send empty reports to users, select this option. If you are running a multi-tenant deployment, and you select this option while in the Super/Global view, this will apply only to Super/Global reports. If you want to suppress delivery of empty reports to individual Organizations, configure this option in the Organizational view.
  3. Enter the email address in the Deliver notification via field. Click + to add more than one email address, if needed.
  4. Click Save.
  5. To receive email notifications, go to ADMIN > General Settings > System > Email and configure your mail server.

Setting Incident SNMP Traps

You can define SNMP traps that are sent when an event triggers an incident.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Incident SNMP Traps section.
    1. SNMP Trap IP Address
    2. SNMP Community String - to authorize sending the trap to the SNMP trap IP address.
  3. Select the SNMP Trap Type and SNMP Trap Protocol options.
  4. Click Test to check the connection.
  5. Click Save.

Setting Incident HTTP Notification

You can configure FortiSIEM to send an XML message over HTTP(S) when an incident is triggered by a rule.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Incident Http Notification section.
  3. For HTTP(S) Server URL, enter the URL of the remote host where the message should be sent.
  4. Enter the User Name and Password to use when logging in to the remote host, and enter Confirm Password to reconfirm the password.
  5. Click Test to check the connection.
  6. Click Save.
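
The receiving side of this notification, as an added example (not FortiSIEM code or part of the original documentation): request handling for an endpoint that accepts the XML message, checks the configured User Name and Password in constant time, and refuses XML that carries DTD or entity declarations. It assumes the credentials arrive as HTTP Basic authentication; the credential values and the element names in the sample body are constructed, because this page does not document the message schema.

```python
import base64
import hmac
import xml.etree.ElementTree as ET

# Assumed values: match what was entered in the FortiSIEM form (constructed here).
EXPECTED_USER = "fsm-notify"
EXPECTED_PASSWORD = "change-me"
MAX_BODY = 256 * 1024  # refuse oversized posts

# Constructed sample body; the real element names are not given on this page.
SAMPLE_BODY = (b"<incident><rule>Constructed rule name</rule><severity>9</severity>"
               b"<source><ip>192.0.2.10</ip></source></incident>")

def check_basic_auth(header):
    """Constant-time check of an 'Authorization: Basic ...' header value."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, password = decoded.partition(":")
    ok_user = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    return ok_user and ok_pass

def parse_incident(body):
    """Flatten the XML body into {element path: text}; reject DTDs and large input."""
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    upper = body.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        raise ValueError("DTD and entity declarations are not accepted")
    fields = {}
    def walk(node, path):
        text = (node.text or "").strip()
        if text:
            fields[path] = text
        for child in node:
            walk(child, path + "/" + child.tag)
    root = ET.fromstring(body)
    walk(root, root.tag)
    return fields

def handle_post(auth_header, body):
    """Return (HTTP status, parsed fields) for one notification request."""
    if not check_basic_auth(auth_header):
        return 401, {}
    try:
        return 200, parse_incident(body)
    except (ValueError, ET.ParseError):
        return 400, {}
```

Serve `handle_post` behind TLS so the User Name and Password entered in the form are not sent in cleartext.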

Setting Remedy Notification

You can set up Remedy to accept notifications from FortiSIEM and generate tickets from those notifications. These instructions show how to set up the routing to your Remedy server.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Remedy Notification section.
  3. For WSDL, enter the URL of the Remedy Server.
  4. Enter the User Name and Password associated with your Remedy server, and enter Confirm Password to reconfirm the password.
  5. Click Test to check the connection.
  6. Click Save.

Scheduling Report Copy

Reports can be copied to a remote location when the scheduler runs any report. Note that this setting only supports copying to a remote Linux directory.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Scheduled Report Copy section.
  3. Enter the Host - IP address or name.
  4. Enter the Path - absolute path, like /abc/def
  5. Enter the User Name and Password, and enter Confirm Password to reconfirm the password.
  6. Click Test to check the connection.
  7. Click Save.

Note: For all the above configurations, use the Edit button to modify any setting or Delete to remove any setting.