FortiAnalyzer incidents
Incidents are imported from FortiAnalyzer and displayed in FortiAnalyzer Integration App > FortiAnalyzer Incidents after ServiceNow receives a notification from FortiAnalyzer that an incident has been created or updated.
To create a security incident manually in the FortiAnalyzer Integration App:
- Go to FortiAnalyzer Integration App > FortiAnalyzer Incidents.
- Click an incident to display the incident details.
- In the incident details view, click Create Security Incident.
A message shows the security incident number.
To view a security incident:
- Go to FortiAnalyzer Integration App > FortiAnalyzer Incidents.
- Click an incident to display the incident details.
- In the incident details view, click Open Security Incident.
The FortiAnalyzer Incident tab displays FortiAnalyzer incident details and attached events.
To search for a security incident:
The Search Text field is not case-sensitive. To search for multiple keywords, separate them with a pair of ampersands (&&) with a space on each side.
For example, 11 && 22 && 33.
To customize the view:
Click Menu next to the search field to Refresh List or Manage Columns.
To remove an incident:
Select the incident and click Delete. Removing an incident from the view does not delete it from the database.
You must have |