Analytics Settings

The following section describes the procedures for Analytics settings:

Scheduling Report Alerts

You can schedule reports to run and send email notifications to specific individuals. This setting is for default email notifications that will be sent when any scheduled report is generated.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Select the required action under the Scheduled Report Alerts section.

    • Do not send scheduled emails if report is empty - Sometimes a report may be empty because there are no matching events. If you don't want to send empty reports to users, select this option. If you are running a multi-tenant deployment, and you select this option while in the Super/Global view, this will apply only to Super/Global reports. If you want to suppress delivery of empty reports to individual Organizations, configure this option in the Organizational view.
  3. Enter the email address in the Deliver notification via field. Click + to add more than one email address, if needed.
  4. Click Save.
  5. To receive email notifications, go to ADMIN > General Settings > System > Email and configure your email server.

Setting Incident SNMP Traps

You can define the SNMP trap destination that will be notified when an event triggers an incident.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Incident SNMP Traps section.

    1. SNMP Trap IP Address
    2. SNMP Community String to authorize sending the trap to the SNMP trap IP address.
  3. Select the SNMP Trap Type and SNMP Trap Protocol options.
  4. Click Test to check the connection.
  5. Click Save.

Setting Incident HTTP Notification

You can configure FortiSIEM to send an XML message over HTTP(S) when an incident is triggered by a rule.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Incident HTTP Notification section.

    1. For HTTP(S) Server URL, enter the URL of the remote host where the message should be sent.
    2. Enter the User Name and Password to use when logging in to the remote host, and enter Confirm Password to reconfirm the password.
  3. Click Test to check the connection.
  4. Click Save.
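
The following is an added example, not FortiSIEM code or part of the original documentation: a minimal receiving endpoint for the notification configured above, showing the two checks the remote host should make before acting on a message. It assumes the User Name and Password are presented as HTTP Basic credentials and that the body is UTF-8 XML; the credential values, port and function names are constructed for illustration.

```python
# Added example, not FortiSIEM code: receiver-side checks for the notification.
# Assumptions: HTTP Basic authentication and a UTF-8 XML body.
import base64
import hmac
import xml.etree.ElementTree as ET
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPECTED = ("siem-notify", "change-me")  # constructed; load from a secret store
MAX_BODY = 1 << 20                       # refuse bodies larger than 1 MiB


def check_basic_auth(header, expected=EXPECTED):
    """True only if the Authorization header carries the expected credentials."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        supplied = base64.b64decode(header[6:], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(supplied, ":".join(expected).encode())


def parse_notification(body):
    """Parse the XML body, refusing DTDs so entity expansion is never attempted."""
    text = body.decode("utf-8")  # the check below sees what the parser sees
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD not allowed")
    root = ET.fromstring(text)
    return {"root": root.tag, "attributes": dict(root.attrib)}


class NotificationHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if not check_basic_auth(self.headers.get("Authorization")):
            self.send_response(401)
        else:
            try:
                length = int(self.headers.get("Content-Length", "0"))
                if not 0 <= length <= MAX_BODY:
                    raise ValueError("bad Content-Length")
                incident = parse_notification(self.rfile.read(length))
                self.log_message("notification received: %s", incident)
                self.send_response(200)
            except (ValueError, ET.ParseError):
                self.send_response(400)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), NotificationHandler).serve_forever()
```

The listener binds to loopback over plain HTTP for a local test only; Basic credentials are readable on the wire, so use an https:// URL with TLS terminated in front of the receiver for real traffic.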

Setting Remedy Notification

You can set up Remedy to accept notifications from FortiSIEM and generate tickets from those notifications. These instructions show how to set up the routing to your Remedy server.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Remedy Notification section.

    1. For WSDL, enter the URL of the Remedy Server.
    2. Enter the User Name and Password associated with your Remedy server, and enter Confirm Password to reconfirm the password.
  3. Click Test to check the connection.
  4. Click Save.

Scheduling Report Copy

You can copy reports to a remote location when the scheduler runs any report. Note that this setting only supports copying to a remote Linux directory.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Enter the following information under the Scheduled Report Copy section.

    1. Enter the Host - IP address or name.
    2. Enter the Path - absolute path, like /abc/def
    3. Enter the User Name and Password, and enter Confirm Password to reconfirm the password.
  3. Click Test to check the connection.
  4. Click Save.

Setting Rule Subcategory

You can add a Subcategory for custom Rules and also create new Subcategories. Subcategories are defined for every system-defined rule under the Categories: Availability, Performance, Change, Security and Other.

  1. Go to ADMIN > General Settings > Analytics tab.
  2. Select the Category where you want to add a Subcategory.
    The default Subcategories appear in the right column.
  3. Use the following settings to configure a Rule Subcategory:

    • To add a new subcategory, click Add and enter the Subcategory name.
    • To edit a subcategory, click the edit icon and modify the name.
    • To delete a subcategory, click the - icon.
  4. Click the check mark to confirm.
  5. Click Save All to apply all the changes.
    This new Subcategory gets added to the Subcategory list as well as the Subcategory drop-down list while defining a Rule under RESOURCES.