Fortinet Document Library

User Guide

21.4.0

Active Incidents drawer

The Active Incidents drawer shows all active incidents that are occurring in your account. Each incident is presented in its own row, where the relevant information is available at a glance, such as:

  • When the incident started.

  • The reason why the incident occurred.

  • The instance where the incident occurred.

  • The incident summary. You can see the incident summary by hovering over the summary icon. 

  • The Incident Lead assigned to the incident. If no Incident Lead is assigned, you can assign an Incident Lead to the incident.

  • Whether CounterMeasures is enabled or not. 

  • Any scheduled maintenance.

  • Whether the incident has been acknowledged or not.

To open the Active Incidents drawer, click the Notifications icon from the main navigation header.

The Active Incidents drawer will slide out.

From the Active Incidents drawer, you can perform the following actions:

  • Set an Incident Lead

  • Acknowledge one or more incidents

  • Start a maintenance

  • Cancel alerts

Set an Incident Lead

You can assign a team member as the Incident Lead by clicking the Set Incident Lead icon and selecting a user from the dropdown.

Acknowledge an incident

Acknowledging an incident marks the incident with your username. While acknowledging an incident, you have the option to:

  • Add a message to the incident log. 

  • Broadcast a message to all users and integrations in the Alert Timeline who've been previously alerted. 

  • Delay further alerts for a set amount of time. 

  • Cancel all future alerts related to the incident.

To acknowledge an incident, perform the following steps:

  1. Select the checkbox of the incident that you want to acknowledge. Note that you can select more than one.

  2. Click Acknowledge. The Acknowledge Incident drawer, from where you can perform several actions, will slide out.
    See Respond to an incident and delay further alerts for more information on these actions. 

  3. Click Submit.

Start a maintenance

You have two options to put the server affected by the incident under maintenance:

  • Quick – To immediately start the maintenance, click the Maintenance icon then select a duration.

  • Custom – The custom option allows you to control the handling of the maintenance period, including the timing, scope, and other monitoring options. The options are described in Maintenance Schedules.

To extend or end the maintenance, or if you need more information, see Maintenance Schedules.

Cancel alerts

When you cancel alerts, no further alerts will be sent for the selected incident. To cancel alerts, perform the following steps:

  1. Select one or more incidents.

  2. Click the 3-dot menu.

  3. Click Cancel Alerts.
    All succeeding alerts for the incident will be canceled.
