Fortinet black logo

User Guide

Incident Solutions

24.1.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:353276
Download PDF

Incident Solutions

Incident Solutions provide a mechanism to document and disseminate the steps taken to respond to an incident, including details captured during triage and diagnosis phases and the steps to ultimately resolve the incident.

The solution functionality is driven by a collection of content that your team builds as they respond to issues that arise in your infrastructure. As your team captures details related to active incidents, they can be entered as a new solution in the system which will then be analyzed and surfaced as suggestions when similar incidents arise. This allows your team take advantage of previous learnings and to more quickly respond to subsequent problems.

How it works

The Incident Solution functionality is an extension of our existing incident management functionality. Below is a walkthrough of how it works.

  1. Incident is detected and alerts are distributed to relevant users based on your alert timelines.

  2. Throughout the control panel, incidents that have a potentially applicable solution will be shown with a light bulb icon:

  3. Clicking the incident opens its details page. A link indicating that a possible solution is available will be shown in the event panel of the metric that triggered the alert.

  4. Clicking the link will display a list of the possible solutions for the incident.

  5. Your team can then view more details about any of the solutions and decide which of those to implement.

  6. When an incident is resolved:

    1. A user can indicate in the summary that the issue was resolved due to an existing solution.

    2. User can define a new solution.

Apply a solution to an incident

There are three ways to associate a solution with an incident:

  • Use a possible solution – Use this option to use solutions that we’re able to surface based on matching of incident details (instances, metrics, etc.) to previously encountered incidents in the system.

  • Use an existing solution – You can use this option as a fallback if no suggested incident solution match is available.

  • Create a new solution – Create a new solution for the incident.

Details on each of these are in the following sections.

Apply a possible solution

1. If a possible solution for an incident is detected, a lightbulb icon will be displayed. Open the incident’s details page to review the solution.

2. Click the Solutions Available link from the event panel of the incident to view the solution.

3. Review the solution.

4. If the solution was useful in diagnosing or resolving the incident, click Apply to associate the solution with the incident.

Existing solution

To add an existing Incident Solution to an incident, perform the following steps:

  1. Open the details page of the incident where you want to add a solution.

  2. Click Add Incident Solution.

3. Click Select Existing Solution.

4. Select the solution that you want to apply to the incident from the Select Solution dropdown.

5. Select the metric where you want to apply the solution.

6. Click Submit.

7. To verify, click Incident Solution Set from the incident’s event panel.

New solution

If the system cannot find an incident solution that matches the parameters of the incident, you can create new incident solution and capture relevant information that can help your team diagnose and solve the incident. Some suggested content for the solution include:

  • Steps to diagnose and confirm the incident

  • Copy of sample commands and their output

  • Link to vendor and third-party documentation

  • Other relevant information

To add a new Incident Solution to an incident, perform the following steps:

  1. Open the details page of the incident where you want to add a solution.

  2. Click Add Incident Solution.

3. Select New Solution.

4. Enter a name for the solution. After providing a name, a text box where you can write the solution will become available.

5. Select the metric where you want to apply the solution.

7. Click Submit.

8. To verify, click Incident Solution Set from the incident’s event panel.

Manage Incident Solutions

Incident Solutions can be viewed, edited, or deleted from the Incident Hub. Click View Incident Solutions to show all of the available solutions.

To edit or delete a solution, click the 3-dot icon then click View to edit or Delete to remove the solution.

Usage history

The Usage History section shows you how many time an Incident Solution was used to resolve an incident.

Incident Solutions

Incident Solutions provide a mechanism to document and disseminate the steps taken to respond to an incident, including details captured during triage and diagnosis phases and the steps to ultimately resolve the incident.

The solution functionality is driven by a collection of content that your team builds as they respond to issues that arise in your infrastructure. As your team captures details related to active incidents, they can be entered as a new solution in the system which will then be analyzed and surfaced as suggestions when similar incidents arise. This allows your team take advantage of previous learnings and to more quickly respond to subsequent problems.

How it works

The Incident Solution functionality is an extension of our existing incident management functionality. Below is a walkthrough of how it works.

  1. Incident is detected and alerts are distributed to relevant users based on your alert timelines.

  2. Throughout the control panel, incidents that have a potentially applicable solution will be shown with a light bulb icon:

  3. Clicking the incident opens its details page. A link indicating that a possible solution is available will be shown in the event panel of the metric that triggered the alert.

  4. Clicking the link will display a list of the possible solutions for the incident.

  5. Your team can then view more details about any of the solutions and decide which of those to implement.

  6. When an incident is resolved:

    1. A user can indicate in the summary that the issue was resolved due to an existing solution.

    2. User can define a new solution.

Apply a solution to an incident

There are three ways to associate a solution with an incident:

  • Use a possible solution – Use this option to use solutions that we’re able to surface based on matching of incident details (instances, metrics, etc.) to previously encountered incidents in the system.

  • Use an existing solution – You can use this option as a fallback if no suggested incident solution match is available.

  • Create a new solution – Create a new solution for the incident.

Details on each of these are in the following sections.

Apply a possible solution

1. If a possible solution for an incident is detected, a lightbulb icon will be displayed. Open the incident’s details page to review the solution.

2. Click the Solutions Available link from the event panel of the incident to view the solution.

3. Review the solution.

4. If the solution was useful in diagnosing or resolving the incident, click Apply to associate the solution with the incident.

Existing solution

To add an existing Incident Solution to an incident, perform the following steps:

  1. Open the details page of the incident where you want to add a solution.

  2. Click Add Incident Solution.

3. Click Select Existing Solution.

4. Select the solution that you want to apply to the incident from the Select Solution dropdown.

5. Select the metric where you want to apply the solution.

6. Click Submit.

7. To verify, click Incident Solution Set from the incident’s event panel.

New solution

If the system cannot find an incident solution that matches the parameters of the incident, you can create new incident solution and capture relevant information that can help your team diagnose and solve the incident. Some suggested content for the solution include:

  • Steps to diagnose and confirm the incident

  • Copy of sample commands and their output

  • Link to vendor and third-party documentation

  • Other relevant information

To add a new Incident Solution to an incident, perform the following steps:

  1. Open the details page of the incident where you want to add a solution.

  2. Click Add Incident Solution.

3. Select New Solution.

4. Enter a name for the solution. After providing a name, a text box where you can write the solution will become available.

5. Select the metric where you want to apply the solution.

7. Click Submit.

8. To verify, click Incident Solution Set from the incident’s event panel.

Manage Incident Solutions

Incident Solutions can be viewed, edited, or deleted from the Incident Hub. Click View Incident Solutions to show all of the available solutions.

To edit or delete a solution, click the 3-dot icon then click View to edit or Delete to remove the solution.

Usage history

The Usage History section shows you how many time an Incident Solution was used to resolve an incident.