Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.0.0 Administration Guide

Marking a Security Event as Handled/Unhandled

5.0.0
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0
Copy Link
Copy Doc ID 82fbe02c-e479-11eb-97f7-00505692583a:642779
Download PDF

Marking a Security Event as Handled/Unhandled

The following describes how to specify that you have handled a security event. When any FortiEDR Central Manager user marks a security event as Handled, all users see it as having been handled.

  1. Select the rule’s checkbox and then click the button or just click the flag icon of the security event row. The Event Handling window displays.

    Note: If an exception was already defined for this security event, then the words event includes exceptions are displayed at the top of the Event Handling window.

  2. In the Classification dropdown list, change the classification for the security event, if needed. For more details,Manually Changing the Classification of a Security Event
  3. In the comments box, use free text to describe how you handled the security event.
  4. Click the Save as Handled button. The flag icon next to the security event changes from dark gray to light gray to indicate to all users that it has been handled.

  5. [Optional] Check the Archive When Handled checkbox to archive the security event after handling it. When you select this option, the security event is marked both as handled and as archived.
  6. [Optional] Click the arrow to the left of Advanced to display the Mute events notification field. Select this checkbox if you want to mute the notifications for this security event. In addition, specify how long to mute the security event notifications. Notifications can be muted for 1 Week, 1 Month, 1 Year or Permanently. When checked, you will not receive notifications whenever this security event is triggered. When using this option, click the Save as Handled button, which indicates that the security event has been both handled and saved.

    Note: Security events with muted event notifications are indicated by the icon in the Event Viewer.

Previous
Next

Marking a Security Event as Handled/Unhandled

The following describes how to specify that you have handled a security event. When any FortiEDR Central Manager user marks a security event as Handled, all users see it as having been handled.

  1. Select the rule’s checkbox and then click the button or just click the flag icon of the security event row. The Event Handling window displays.

    Note: If an exception was already defined for this security event, then the words event includes exceptions are displayed at the top of the Event Handling window.

  2. In the Classification dropdown list, change the classification for the security event, if needed. For more details,Manually Changing the Classification of a Security Event
  3. In the comments box, use free text to describe how you handled the security event.
  4. Click the Save as Handled button. The flag icon next to the security event changes from dark gray to light gray to indicate to all users that it has been handled.

  5. [Optional] Check the Archive When Handled checkbox to archive the security event after handling it. When you select this option, the security event is marked both as handled and as archived.
  6. [Optional] Click the arrow to the left of Advanced to display the Mute events notification field. Select this checkbox if you want to mute the notifications for this security event. In addition, specify how long to mute the security event notifications. Notifications can be muted for 1 Week, 1 Month, 1 Year or Permanently. When checked, you will not receive notifications whenever this security event is triggered. When using this option, click the Save as Handled button, which indicates that the security event has been both handled and saved.

    Note: Security events with muted event notifications are indicated by the icon in the Event Viewer.

Previous
Next