Submit Search

Running a Built-in Search

FortiSIEM provides a number of built-in reports.

To run an built-in report:

Go to ANALYTICS tab.
From the folder drop-down on left, select Shortcuts or the Reports folder.
- Shortcuts folder contains a few quick reports.
- Reports folder contains the entire collection of built-in reports.
  You can search for a specific report in both these collections by typing in keywords in the Search box.
Select a specific report and click >.
If you are generating the report from Shortcuts, select whether you want to run the report in the currently selected tab or a new tab.
Note: Running search in the currently selected tab wipes out the existing results displayed on that tab.
The query will run and display the results.
Note: You can also run the reports from RESOURCES > Reports folder. See here.

Search can be performed in two modes:

Real time mode – from current time onwards. This mode runs only built-in searches that have no aggregation (for example, Shortcuts > Raw Messages). Note that every time you re-run this query, the displayed results will change.
Historical mode – for previous time periods. Any query can be run in this mode. Note that the displayed search results will not change if you re-run this query for Absolute time range.

To run a historical search:

Click on the Edit Filters and Time Range edit box.
The filter conditions are displayed for the selected built-in query.
For Time, select Relative or Absolute option.
1. For Relative option, the query will run for a duration in the past, starting from current time. Select the value and time scale in (Minutes/Hours/Days).
2. For Absolute option, the query will run for a specific time window in the past. There are two ways to specify this:
  1. Using two explicitly defined time epochs.
  2. Using Always prior option to define time-periods like last 1 week or last 2 months. If you are interested in re-running the same report on a daily basis, then you do not have to change the time period.
Click Save & Run.

FortiSIEM 5.1.2