Adding events and detections to cases

You can add events and detections to a case from various parts of the FortiDLP Console.

Follow these instructions to add an event or a detection to a case from either the Investigate or Incidents module.

How to add an event/detection to a case from the Investigate module

In the FortiDLP Console, click .
Do one of the following:
- To add an event/detection from the Event streams tab:
  1. Click an event stream.
  2. Filter for the relevant event/detection. For details, see Viewing event streams.
  3. In the Events section, select the table row of the event/detection you want to add.
- To add an event/detection from the Activity feed tab:
  1. Select the Activity feed tab.
  2. Filter for the relevant event/detection. For details, see Viewing the Activity feed.
  3. Select the table row of the event/detection you want to add.
At the top of the Event/Detection details panel, click Add to case.
Do one of the following:
- To add the event/detection to a recent case, in the Recent tab, locate the case in the list and click Add.
- To add the event/detection to an older case:
  1. Select the Open cases tab.
  2. Locate the case in the list and click Add.

How to add a detection to a case from the Incidents module

In the FortiDLP Console, on the left-hand sidebar, click .
Filter for the relevant incident. For details, see Viewing incidents.
In the Incidents table, select the row of incident comprising the relevant detection.
In the table at the bottom of the page, select the row of the detection you want to add.
At the top of the Detection details panel, click Add to case.
Do one of the following:
- To add the detection to a recent case, in the Recent tab, locate the case in the list and click Add.
- To add the detection to an older case:
  1. Select the Open cases tab.
  2. Locate the case in the list and click Add.

Adding events and detections to cases

You can add events and detections to a case from various parts of the FortiDLP Console.

Follow these instructions to add an event or a detection to a case from either the Investigate or Incidents module.

How to add an event/detection to a case from the Investigate module

In the FortiDLP Console, click .
Do one of the following:
- To add an event/detection from the Event streams tab:
  1. Click an event stream.
  2. Filter for the relevant event/detection. For details, see Viewing event streams.
  3. In the Events section, select the table row of the event/detection you want to add.
- To add an event/detection from the Activity feed tab:
  1. Select the Activity feed tab.
  2. Filter for the relevant event/detection. For details, see Viewing the Activity feed.
  3. Select the table row of the event/detection you want to add.
At the top of the Event/Detection details panel, click Add to case.
Do one of the following:
- To add the event/detection to a recent case, in the Recent tab, locate the case in the list and click Add.
- To add the event/detection to an older case:
  1. Select the Open cases tab.
  2. Locate the case in the list and click Add.

How to add a detection to a case from the Incidents module

In the FortiDLP Console, on the left-hand sidebar, click .
Filter for the relevant incident. For details, see Viewing incidents.
In the Incidents table, select the row of incident comprising the relevant detection.
In the table at the bottom of the page, select the row of the detection you want to add.
At the top of the Detection details panel, click Add to case.
Do one of the following:
- To add the detection to a recent case, in the Recent tab, locate the case in the list and click Add.
- To add the detection to an older case:
  1. Select the Open cases tab.
  2. Locate the case in the list and click Add.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

FortiDLP Console User Guide

Adding events and detections to cases

Adding events and detections to cases

How to add an event/detection to a case from the Investigate module

How to add a detection to a case from the Incidents module

Adding events and detections to cases

Adding events and detections to cases

How to add an event/detection to a case from the Investigate module

How to add a detection to a case from the Incidents module