
Administration Guide

SLA Management

FortiSOAR provides an SLA Templates module that you can use to set up built-in SLA management for incidents and alerts.

You can define SLAs for incidents and alerts at varying degrees of severity and track whether those SLAs are met or missed.

Tooltip

To use the SLA feature, you must install the FSR Content Pack (FSR-IR-CONTENT-PACK) on a fresh installation of FortiSOAR. You must deploy your FortiSOAR license before installing the FSR Content Pack. Also, NEVER install the content pack after you have modified any data or have any existing data. If you proceed with installing the FSR Content Pack after you have modified or added data, then the customizations or data might be lost.

The FSR Content Pack contains the "Case Management" playbooks collection, which automatically tracks the SLAs of the case management workflows, and other OOB playbooks that demonstrate various use cases. For more information on the FSR Content Pack, see the FSR Content Pack article in the Fortinet Knowledge Base. You can also use the SLA Calculator connector and its associated playbooks to calculate when the SLAs are due based on the locale and work hours that you have specified. For more information on the SLA calculator, see the SLA calculator documentation on the FortiSOAR Connectors page.

Note

To view automatic tracking of SLAs on your incident or alert records, you do not need to modify the "Case Management" playbooks collection. However, you must schedule some playbooks in this collection. For more information, see the Scheduling SLAs article in the Fortinet Knowledge Base.

Permissions required for managing SLAs

To create and manage SLAs, you must be assigned a role with a minimum of Create, Read, and Update permissions on the SLA Templates and Playbooks modules, along with the default Read permission on the Application module.

Creating SLA Templates

You can create SLA templates for each level of severity of incidents or alerts. You can set SLAs for both alerts and incidents using the same SLA Template.

For example, you can create 5 SLAs for incidents at severity levels: Critical, High, Medium, Low, and Minimal.

  1. Click Automation > SLA Templates in the left navigation bar.
  2. To add a new SLA Template, click Add.
  3. In the Create New SLA Template dialog, enter the following details:
    1. From the Severity drop-down list, select the severity level of the incident for which you are defining the SLAs.
      For example, if you select "Critical" as the severity and specify an acknowledgement time of 10 minutes and a response time of 15 minutes, then to meet the SLA, users must acknowledge the incident within 10 minutes and respond to it within 15 minutes of the incident being created.
      Note: You can update the default Severity picklist and then choose any severity (including custom) parameter.
    2. (Optional) To make it easier to search and filter SLA templates, in the Add Tags field, you can enter appropriate tags.
    3. From the Incident Ack SLA Tracked On drop-down list, select the status in which the incident will be marked as acknowledged. For example, select In Progress.
      Note: You can update the default Status picklist and then choose any status (including custom) parameter.
    4. From the Incident Response SLA Tracked On drop-down list, select the status in which the incident will be marked as responded. For example, select Resolved.
    5. In the Incident Ack Time field, add the number of minutes within which users must acknowledge an incident.
    6. In the Incident Response Time field, add the number of minutes within which users must respond to an incident.
      You can similarly set SLAs for alerts.
  4. Click Save to save the SLA Template.
    Form for creating a new SLA Template

Viewing SLAs

You can view SLA-related fields in the detail view of your alert or incident record. Fields such as Ack Due Date, Ack Date, Ack SLA, and Response Due Date let you track whether or not the SLAs have been met.

To automate the management of SLA workflows, you must do the following:
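The following added example (not FortiSOAR code) models how a template's ack and response times translate into due dates and a met-or-missed verdict, using the 10/15-minute Critical example above. The class, function, and key names, the "Pending" label, the "High" template values, and the sample timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class SlaTemplate:
    ack_status: str        # status chosen in "Incident Ack SLA Tracked On"
    response_status: str   # status chosen in "Incident Response SLA Tracked On"
    ack_minutes: int       # "Incident Ack Time"
    response_minutes: int  # "Incident Response Time"

# Constructed templates keyed by severity; Critical uses the 10/15-minute example.
TEMPLATES = {
    "Critical": SlaTemplate("In Progress", "Resolved", 10, 15),
    "High": SlaTemplate("In Progress", "Resolved", 30, 120),
}

def _first_reached(history, status):
    """Timestamp of the first transition into `status`, or None if never reached."""
    return next((ts for ts, st in history if st == status), None)

def _verdict(reached, due, now):
    """Met/Missed once the tracked status is reached; otherwise depends on the clock."""
    if reached is not None:
        return "Met" if reached <= due else "Missed"
    return "Missed" if now > due else "Pending"  # "Pending" is a hypothetical label

def evaluate_sla(severity, created, history, now):
    """Return due dates and verdicts, or None when no template covers the severity."""
    tpl = TEMPLATES.get(severity)
    if tpl is None:
        return None  # no SLA can be calculated without a matching severity
    # Both clocks start when the record is created.
    ack_due = created + timedelta(minutes=tpl.ack_minutes)
    response_due = created + timedelta(minutes=tpl.response_minutes)
    return {
        "ack_due": ack_due,
        "response_due": response_due,
        "ack_sla": _verdict(_first_reached(history, tpl.ack_status), ack_due, now),
        "response_sla": _verdict(
            _first_reached(history, tpl.response_status), response_due, now),
    }

# Constructed sample: acknowledged after 8 minutes, resolved after 20 minutes.
SAMPLE_CREATED = datetime(2024, 1, 1, 9, 0)
SAMPLE_HISTORY = [(datetime(2024, 1, 1, 9, 8), "In Progress"),
                  (datetime(2024, 1, 1, 9, 20), "Resolved")]

if __name__ == "__main__":
    print(evaluate_sla("Critical", SAMPLE_CREATED, SAMPLE_HISTORY,
                       now=datetime(2024, 1, 1, 9, 30)))
```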

  1. Install the FSR-IR-CONTENT-PACK. This imports the "Case Management" playbooks collection into your FortiSOAR instance. For more information on the FSR-IR-CONTENT-PACK, see the FSR Content Pack article in the Fortinet Knowledge Base.
  2. Schedule the SLAs. For more information, see the Scheduling SLAs article in the Fortinet Knowledge Base.

Tooltip

Records must be in the "Open" state and have a proper severity set for the acknowledgement and response SLAs to be calculated.

Once you have installed the FSR Content Pack and scheduled the SLAs, you can see whether the SLAs have been met or missed in the incident and alert records, as shown in the following image:

Sample alert record with SLAs set
