FortiSIEM Creating Tickets in External Ticketing System

Creating Tickets in External Ticketing System

See External Helpdesk System Integration.

Using Incidents in Searches and Rules

Creating an Historical Search from an Incident

Creating a Real Time Search from an Incident

Editing Rules from Incidents

Creating an Historical Search from an Incident

When you are viewing an incident, you may want to learn about other events related to the source or target of the incident. This topic describes how to create an historical search from an incident.

  1. In the Incident Dashboard, select the incident you want to use.
  2. Select the Incident Source or Incident Target you want to use, and then select Show Related Historical Events.

The Historical Search interface will load, with the IP address of the selected incident attribute loaded in the Filter By conditions, and the Display Fields set to the incident attributes.

  3. Click Run.
  4. You will see a list of events for the Incident Source or Target, which you can further analyze as described in Refining the Results from Historical Search.

Creating a Real Time Search from an Incident

When you are viewing an incident, you may want to learn about other events related to the source or target of the incident. This topic describes how to create a real time search from an incident.

  1. In the Incident Dashboard, select the incident you want to use.
  2. Select the Incident Source or Incident Target you want to use, and then select Show Related Real Time Events.

The Real Time Search interface will load, with the IP address of the selected incident attribute loaded in the Filter By conditions, and the Display Fields set to the incident attributes.

  3. Click Run.
  4. You will see a list of events for the Incident Source or Target, which you can further analyze as described in Viewing and Refining Real Time Search Results.

Editing Rules from Incidents

If you need to edit the rule associated with an incident, you can do so directly from the Incident Dashboard.

  1. In the Incident Dashboard, select an incident based on the rule you want to edit.
  2. Click in any column of the selected incident to open the Options menu, and then select Edit Rule.
  3. Edit the rule as necessary, and then click Save.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
