FortiAnalyzer incidents

6.2.3

Incidents are imported from FortiAnalyzer and displayed in FortiAnalyzer Integration App > FortiAnalyzer Incidents after ServiceNow receives a notification from FortiAnalyzer that an incident was created or updated.

To create a security incident manually in the FortiAnalyzer Integration App:
  1. Go to FortiAnalyzer Integration App > FortiAnalyzer Incidents.
  2. Click an incident to display the incident details.
  3. In the incident details view, click Create Security Incident.

    A message shows the security incident number.

To view a security incident:
  1. Go to FortiAnalyzer Integration App > FortiAnalyzer Incidents.
  2. Click an incident to display the incident details.
  3. In the incident details view, click Open Security Incident.

    The FortiAnalyzer Incident tab displays FortiAnalyzer incident details and attached events.

To search for a security incident:

The Search Text field is not case-sensitive. To search for multiple keywords, join them with a pair of ampersands (&&), with a space on each side.

For example, 11 && 22 && 33.

To customize the view:

Click Menu next to the search field to Refresh List or Manage Columns.

To remove an incident:

Select the incident and click Delete. Removing an incident from the view does not delete it from the database.

Note

You must have the x_forti_fazintgv2.admin user role to remove an incident. See ServiceNow roles.
