FortiSIEM Creating an Incident Notification Policy

Prerequisites

Make sure you have enabled the settings for sending email or other notification actions as described in Setting Up Routing Information for Reports and Incident Notifications.

You should read the introductory topic on incident notifications to understand how policy conditions are processed.

Procedure

  1. Log in to your Supervisor node.
  2. Go to Analytics > Incident Notification Policy.
  3. Click New.
  4. Select the Incident Severity.

     Only incidents matching the severity level you select will trigger a notification.

  5. For Rules, click and select the rule or rules you want to trigger this notification.
  6. Set a Time Range during which this notification will be in effect.

     Notifications will be sent only if an incident occurs during the time range you set here.

  7. For Affected Items, click and use the CMDB Browser to select the devices or applications to which this policy should apply.

     Instead of individual devices or groups, you can apply the notification policy to an IP address or range by clicking Add under IP/Range. You can also select a group and then select the Not option to explicitly exclude that group of applications or devices from the notification policy.

  8. For multi-tenant deployments, select the Organizations to which the notification policy should apply.

     Notifications will be sent only if the triggering incidents affect the selected organizations.

  9. Select the Actions to take when the notification is triggered.

     See the topics under Sending Email and SMS Notifications for Incidents, Creating Tickets In FortiSIEM In-built Ticketing System, Creating Inbound Policies for Updating Ticket Status from External Ticketing Systems, and Setting Scripts as Notification Actions for more information about notification actions.

  10. Enter any Comments about the policy.
  11. When you are finished creating the notification policy, select Enabled to make it active in your deployment.
  12. Click Save.
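Because every condition in the policy (Incident Severity, Rules, Time Range, Affected Items with IP/Range and Not exclusions, Organizations, Enabled) must hold before an action fires, a policy that is one setting too narrow silently sends nothing. The Python below is an added example, not FortiSIEM code and not a description of its matching engine: it models those conditions so a policy can be dry-run against constructed incidents before you enable it. The severity labels, rule name, IP ranges, group and tenant names are made up, and the evaluation order (including the assumption that a Not exclusion overrides an include, and that an overnight window such as 22:00 to 06:00 wraps midnight) is an assumption made for the illustration.

```python
# Added example: a dry-run model of the conditions an Incident Notification
# Policy is built from. NOT FortiSIEM code; evaluation order, the rule that a
# "Not" exclusion beats any include, and all sample data are assumptions.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class Incident:
    severity: str        # assumed labels: "LOW", "MEDIUM", "HIGH"
    rule: str            # name of the rule that fired
    fired_at: datetime   # when the incident was raised
    device_ip: str       # IP of the affected device
    device_group: str    # CMDB group the device belongs to
    organization: str    # tenant, for multi-tenant deployments


@dataclass
class NotificationPolicy:
    severities: set           # Incident Severity values that qualify
    rules: set                # Rules by name; empty set = any rule
    start: time               # Time Range start
    end: time                 # Time Range end
    ip_ranges: list           # Affected Items: ip_network objects from IP/Range
    include_groups: set       # Affected Items: CMDB groups selected
    exclude_groups: set       # Affected Items: groups selected with Not
    organizations: set        # Organizations; empty set = all tenants
    actions: list             # Actions to fire, e.g. ["email", "ticket"]
    enabled: bool = True      # the Enabled checkbox

    def in_time_range(self, t):
        """True if t is inside the window. A window whose end is earlier than
        its start (22:00-06:00) is assumed to wrap midnight."""
        if self.start <= self.end:
            return self.start <= t <= self.end
        return t >= self.start or t <= self.end

    def affects_item(self, inc):
        """Affected-item check. Assumption: a Not exclusion wins over any
        include; with no ranges or groups selected, every item is in scope."""
        if inc.device_group in self.exclude_groups:
            return False
        if not self.ip_ranges and not self.include_groups:
            return True
        ip = ip_address(inc.device_ip)
        in_range = any(ip in net for net in self.ip_ranges)
        return in_range or inc.device_group in self.include_groups

    def matches(self, inc):
        """All conditions must hold for the actions to fire."""
        if not self.enabled:
            return False
        if inc.severity not in self.severities:
            return False
        if self.rules and inc.rule not in self.rules:
            return False
        if not self.in_time_range(inc.fired_at.time()):
            return False
        if self.organizations and inc.organization not in self.organizations:
            return False
        return self.affects_item(inc)


def dry_run(policy, incidents):
    """Return, per incident, the actions that would fire ([] if none)."""
    return [list(policy.actions) if policy.matches(inc) else [] for inc in incidents]


# Constructed sample policy: HIGH incidents from one rule, overnight only,
# for devices in 10.1.0.0/16 except the lab group, tenant "Acme" only.
POLICY = NotificationPolicy(
    severities={"HIGH"},
    rules={"Excessive Failed Logins"},
    start=time(22, 0),
    end=time(6, 0),
    ip_ranges=[ip_network("10.1.0.0/16")],
    include_groups=set(),
    exclude_groups={"Lab Devices"},
    organizations={"Acme"},
    actions=["email", "ticket"],
)

# Constructed incidents; each one after the first two violates one condition.
RULE = "Excessive Failed Logins"
INCIDENTS = [
    Incident("HIGH", RULE, datetime(2024, 3, 1, 23, 30), "10.1.5.7", "Servers", "Acme"),       # fires
    Incident("HIGH", RULE, datetime(2024, 3, 2, 5, 30), "10.1.9.2", "Servers", "Acme"),        # fires: after midnight, still in window
    Incident("HIGH", RULE, datetime(2024, 3, 1, 12, 0), "10.1.5.7", "Servers", "Acme"),        # outside Time Range
    Incident("HIGH", RULE, datetime(2024, 3, 1, 23, 30), "10.1.5.8", "Lab Devices", "Acme"),   # group excluded with Not
    Incident("MEDIUM", RULE, datetime(2024, 3, 1, 23, 30), "10.1.5.7", "Servers", "Acme"),     # wrong severity
    Incident("HIGH", RULE, datetime(2024, 3, 1, 23, 30), "192.168.1.9", "Servers", "Acme"),    # outside IP/Range
    Incident("HIGH", RULE, datetime(2024, 3, 1, 23, 30), "10.1.5.7", "Servers", "Globex"),     # other tenant
]

if __name__ == "__main__":
    for inc, acts in zip(INCIDENTS, dry_run(POLICY, INCIDENTS)):
        print(f"{inc.fired_at:%H:%M} {inc.device_ip:13} {inc.device_group:12} "
              f"{inc.organization:7} -> {acts or 'no notification'}")
```

Run it before enabling a new policy: if the incidents you expect to page on come back as "no notification", the policy, not the rule, is what needs adjusting. Rebuilding the same table of incidents against the policy you actually configured in the GUI is the quickest way to catch an exclusion or time window that is narrower than intended.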
This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
