Forensic Analysis Forensic Reports
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925 103
Figure 39: Configuring the forensic analysis report criteria
Report Profile
    Select to save the report profile for future reports or On Demand to use the report profile once. Once the FortiAnalyzer unit runs the report, the profile created is removed from the system.

Report Category
    Select the type of analysis to include in the report, either user or device.

User
    Select a user from the list. Alternatively, select Specify and select an option from the Specify list.
    This setting is available when using the User Analysis Report Category.

Specify
    Select to generate a report based on a specific user name or IP address. This option becomes available when selecting Specify from the User selection.
    This setting is available when using the User Analysis Report Category.

Source IP Address
Username (in logs)
    Depending on the selection from the Specify list, enter the appropriate information.
    This setting is available when using the User Analysis Report Category.

Group
    Select to generate a report on a specific user group.
    This setting is available when using the User Analysis Report Category.

Group Name (in logs)
    Enter a specific group name. This option becomes available when selecting Specify from the Group selection.
    This setting is available when using the User Analysis Report Category.

Report Granularity
    Select the number of results for the report.
    This setting is available when using the User Analysis and Device Analysis Report Categories.

Device(s)
    Select a device or device group.
    This setting is available when using the User Analysis and Device Analysis Report Categories.

Virtual Domains
    Enter a virtual domain name for the report.
    This setting is available when using the Device Analysis Report Category.

Resolve Host Names
    Select to display host names by a recognizable name rather than IP addresses. For details on configuring IP address host names, see “IP Aliases” on page 53.

Resolve Service Names
    Select to display network service names rather than port numbers. For example, HTTP rather than port 80.