Table

Displays data in a tabular format.

You can choose to display the bar chart (Show Bar), the event type (Show Event Type), and the count (Count). Set the colors for the bar chart or reverse the color map.

Displays source, event, and destination relationships. Source nodes appear in light blue, Event nodes are color coded by their severity if event attribute "Event Severity Category" exists in the Display Fields on Table view. A node can be clicked and dragged to be repositioned. If a node can be represented by a recognizable device type from FortiSIEM, the appropriate icon will be displayed, otherwise a default monitor icon will appear.

The Rows and Total number represent the number of data items in the table view, not the number of nodes. For example, one representation will consist of 3 nodes (source, event, destination), but if all the data items share the same source, event, and destination, only three nodes will appear.

Click on any node and the following options appear:

• Quick Info - Select to show more information about the selected node.

• Add <object> to Filter - Adds the data from the selected node to a filter.

Select the Source, Event, and Destination from the drop -down lists.

Auto Layout attempts to show all nodes in an optimal manner. To disable, deselect the Auto Layout checkbox.

Bar Chart

Displays data similar to a bar chart.

Select the Aggregate Field (Column) to display and their colors. You can also reverse the color map.

Chord Chart

A graphical method of displaying the inter-relationships between data in a matrix. The data is arranged radially around a circle with the relationships between the data points typically drawn as arcs connecting the data.

Select the incident Source, Target, and Value from the drop-down lists.

Choropleth Chart

A thematic map in which areas are shaded or patterned in proportion to the measurement of the statistical variable being displayed on the map.

Select the Location and Value from the drop-down lists.

Cluster Bubble Chart

You can use a bubble chart instead of a scatter chart if your data has three data series that each contain a set of values. The sizes of the bubbles are determined by the values in the third data series.

Select the Column from the drop-down list.

Displays data similar to a pie chart.

Select the Aggregate Field (Column) to display since the report may have multiple Aggregate Fields.

GEO Map Chart

Displays the IP addresses in a geographic map.

Public or private IP addresses with location defined in ADMIN > Settings > Discovery > Location. See Setting Location.

Heat Map Chart

Displays two event attributes and a numerical aggregate value.

Select the Heat map coordinates X and Y, and an associated Value.

Sankey Chart

A specific type of flow diagram, in which the width of the arrows is shown proportionally to the flow quantity.

Select the Source, Target, and Value from the drop-down lists.

Scatter Plot Chart

Plots two aggregate fields.

Select two aggregate fields, X and Y. Select the Size of the sample.

Sunburst Chart

Visualizes hierarchical data, depicted by concentric circles. The circle in the center represents the root node, with the hierarchy moving outward from the center.

Select the Rank1, Rank2, Rank3 and Count from the drop-down lists.