FortiSIEM Using Group By Attributes to View Incidents

Using Group By Attributes to View Incidents

The Incident Dashboard presents a view of all incidents based on the filter conditions you select. However, there may be situations in which you want to view incidents grouped on incident attributes like Incident Source, Incident Target, Severity, or Incident Name. Once incidents are grouped by their attributes, you can view Incident Details for the entire group.

  1. Log in to your Supervisor node.
  2. Go to Incidents.
  3. In the Group By menu, select the attributes you want to use to group the incidents, and then click Refresh.

The Incident Dashboard will refresh and display incidents grouped according to the attributes you selected, with a COUNT(Matched Events) column that indicates how many incidents are in each group.

  1. Select a group, and then click it to open the Options menu.
  2. In the Options menu, select Show Incident Details for This Group.

The Incident Dashboard will refresh to show all incidents in the selected incident group, and you can use the Contextual Menus to find out more information about them.
