Creating incident notification subscriptions

To create an incident notification subscription, follow these steps.

How to create an incident notification subscription

1. In the FortiDLP Console, on the left-hand sidebar, click .
2. Under Integrations, select the Incident notifications tab.
3. Click Create new subscription.
4. In the Create new subscription dialog box:
   1. Do one of the following:
      • To enable the notification immediately after configuration/verification, keep the Enabled toggle on.
      • To enable the notification later, turn the Enabled toggle off. (When you are ready to enable the notification, turn this back on and resave the configuration.)
   2. In the Recipient field, type the email address to send notifications to. Only one recipient can be provided for each subscription.
   3. Apply filters for the notifications you want to receive:
      • To be notified when an incident is created, turn the An incident is created toggle on.
      • To be notified when an incident is resolved, turn the An incident is resolved toggle on.
      • To be notified when an incident is updated to include a detection by a new user, turn the A detection is generated by a new user toggle on.
      • To be notified when an incident is updated to include a detection by a new node, turn the A detection is generated by a new node toggle on.
        
        
   4. Optionally, in the Minimum risk score field, type a minimum risk score between 0–100 to filter by.

   For example, to only be notified about critical incidents, you could filter for incidents that have a minimum risk score of 90.

   5. Click Create.

A verification email will then be sent to the email address specified in the Recipient field. The recipient of this email must verify the subscription within 48 hours. If the recipient does not do this before the verification email expires, you will need to open the subscription's configuration panel and click Send to generate another verification email.