Fortinet black logo

Administration Guide

Home FortiSOAR 7.2.0 Administration Guide

Recycle Bin

7.2.0
7.5.0
7.4.3
7.4.2
7.4.1
7.4.0
7.3.1
7.3.0
7.2.2
7.2.1
7.2.0
7.0.2
7.0.1
7.0.0
6.4.4
6.4.3
6.4.1
6.4.0
6.0.0
Copy Link
Copy Doc ID f50e6507-ba25-11ec-9fd1-fa163e15d75b:836617
Download PDF

Recycle Bin

FortiSOAR version 7.2.0 adds a 'Recycle Bin' to support soft delete of workflow and module records; so that in the case of accidental deletion of playbook collections, playbooks or module records these records can be restored.

In the case of Playbook Collections and Playbooks, soft deletion is enabled by default, since an accidental deletion of playbook collections, or playbooks can result in lot of effort being lost and complete stoppage of automation you have configured. Therefore, when users want to delete playbooks or playbook collections, FortiSOAR displays a confirmation dialog where users can choose whether they want to move the playbooks or playbook collections to the recycle bin or permanently delete the playbooks or playbook collections:
Confirmation dialog displayed while deleting a playbook collection
Clicking Move to Recycle Bin moves all the playbooks of that collection to the recycle bin.

Note

Uniqueness constraint is applied when records are in recycle bin. Therefore, for example, you cannot create a playbook collection or playbook, with the same name as a playbook collection or playbook that have been sent to the recycle bin (soft deleted).

In the case of modules, by default, the records are deleted (permanently deleted); however, you can configure modules to send records to the recycle bin instead of getting permanently deleted by selecting the Enable Recycle Bin option on the Modules page and then clicking Save and Publish. For more information, the Application Editor chapter.

Note

You cannot configure the Recycle Bin for system modules, i.e., for the 'People', 'Appliances', 'Agents', 'Approvals', 'Tenants', 'Routers', 'Comments', and 'Saved Reports' modules. Therefore, records of these modules are always permanently deleted.

You can also schedule the purging of recycle bin records to periodically clear the records present in the recycle bin. For more information, see the System Configuration chapter.

Permissions Required

  • To view Recycle Bin records, you must be assigned a role that has a minimum of Read permission on the 'Application' and 'Playbooks' modules. You also need the Read permission on modules whose recycle bin records you want to view.

  • To permanently delete Recycle Bin records, you must be assigned a role that has a minimum of Read permission on the 'Application' module, Delete permissions for the module whose records you want to permanently delete, and Delete permissions on the 'Playbook' module.

  • To restore Recycle Bin records, you must be assigned a role that has a minimum of Read permission on the 'Application' module, Update permission for the module whose records you want to restore, and Update and Read permissions on the 'Playbook' module.

Using the Recycle Bin

You can use the Recycle Bin to view the soft-deleted records, playbooks, and playbook collections. You can also permanently delete items from the recycle bin, restore selected records, or empty the recycle bin.

Click the Recycle Bin icon in the left navigation pane to display the Recycle Bin page with all the soft-deleted records. You can perform the following operations in the recycle bin:

  • To search for specific records, click the Search icon and type the keywords in the search box. You can also filter records by typing the filter term, tag, or selecting the option in the first row of the record listing.
  • To permanently delete all records that belong to the same module, from the Select a module drop-down list, select the module whose records you want to delete, and click Permanently Delete All <Module Name> Records. In our example, we have selected the 'Playbooks' module.
    Recycle Bin page
    Note: The Select a module drop-down list displays the 'Playbooks' and 'Playbook Collections' options since by default the soft deletion of records for these modules is enabled. This drop-down list also displays all the other modules for which soft deletion has been enabled as is the case with the 'Alerts' module in our example.

  • To permanently delete one record or more specific records, select the module to which the record belongs from the Select a module drop-down list. Then, select the record or records you want to delete and click Delete Permanently.
    Recycle bin page with individual records seleted to restore or permanently delete those records

  • Similarly, to restore one or more specific records, select the module to which the record belongs from the Select a module drop-down list. Then, select the record or records you want to restore and click Restore.
    • Records are restored with its existing relations. For example, if you have moved an alert that was related to an indicator to the recycle bin, then that alert will no longer be linked to that indicator record. If you then choose to restore that alert, then the alert gets linked back to the same indicator record.
    • In the case of playbooks, if you want to restore a playbook from a playbook collection, then the collection containing those playbooks is restored. For example, if you have a 'Demo' collection containing 3 playbooks, A, B, and C that you move to the recycle bin, and then restore B from the recycle bin, the Demo collection containing the B playbook gets restored.
    • In the case of MSSP environments, if both the master and tenant systems have enabled recycle bin on a specific module, then any record that is moved to the recycle bin on the master node also gets moved to the recycle bin on the tenant nodes. However, if only the master or any tenant enables the recycle bin and not vice-versa, then if a record is deleted from the master who has enabled the recycle bin but not the tenant, then the record gets permanently deleted from the tenant. If the same record is restored on the master, then the record also gets replicated back on the tenant node, however at this time on the record will be created as a new record on the tenant side
  • To clear the Recycle Bin, i.e., permanently delete all records in the recycle bin, click Empty Recycle Bin.

Behavior of Recycle Bin in the case of MSSP environments

Note

In the case of MSSP environments, if any module is enabled for the Recycle Bin, then it is recommended that it should be enabled on both the master and tenant systems.

In the case of MSSP environments, if both the master and tenant systems have enabled recycle bin on a specific module, then any record that is moved to the recycle bin on the master node also gets moved to the recycle bin on the tenant nodes. However, if only the master or any tenant enables the recycle bin and not vice-versa, and if a record is deleted from the master (who has enabled the recycle bin) then that record gets permanently deleted from the tenants (who have not enabled the recycle bin. Similarly, if a record is restored on the master, then the record also gets replicated back on the tenant nodes; however, the record gets created as a new record on the tenant side.

Also, if on the master node a module is marked to be enabled for the recycle bin, and the master pushes this module to the tenants, then that module gets enabled for the recycle bin also at the tenants' end.

Previous
Next

Recycle Bin

FortiSOAR version 7.2.0 adds a 'Recycle Bin' to support soft delete of workflow and module records; so that in the case of accidental deletion of playbook collections, playbooks or module records these records can be restored.

In the case of Playbook Collections and Playbooks, soft deletion is enabled by default, since an accidental deletion of playbook collections, or playbooks can result in lot of effort being lost and complete stoppage of automation you have configured. Therefore, when users want to delete playbooks or playbook collections, FortiSOAR displays a confirmation dialog where users can choose whether they want to move the playbooks or playbook collections to the recycle bin or permanently delete the playbooks or playbook collections:
Confirmation dialog displayed while deleting a playbook collection
Clicking Move to Recycle Bin moves all the playbooks of that collection to the recycle bin.

Note

Uniqueness constraint is applied when records are in recycle bin. Therefore, for example, you cannot create a playbook collection or playbook, with the same name as a playbook collection or playbook that have been sent to the recycle bin (soft deleted).

In the case of modules, by default, the records are deleted (permanently deleted); however, you can configure modules to send records to the recycle bin instead of getting permanently deleted by selecting the Enable Recycle Bin option on the Modules page and then clicking Save and Publish. For more information, the Application Editor chapter.

Note

You cannot configure the Recycle Bin for system modules, i.e., for the 'People', 'Appliances', 'Agents', 'Approvals', 'Tenants', 'Routers', 'Comments', and 'Saved Reports' modules. Therefore, records of these modules are always permanently deleted.

You can also schedule the purging of recycle bin records to periodically clear the records present in the recycle bin. For more information, see the System Configuration chapter.

Permissions Required

  • To view Recycle Bin records, you must be assigned a role that has a minimum of Read permission on the 'Application' and 'Playbooks' modules. You also need the Read permission on modules whose recycle bin records you want to view.

  • To permanently delete Recycle Bin records, you must be assigned a role that has a minimum of Read permission on the 'Application' module, Delete permissions for the module whose records you want to permanently delete, and Delete permissions on the 'Playbook' module.

  • To restore Recycle Bin records, you must be assigned a role that has a minimum of Read permission on the 'Application' module, Update permission for the module whose records you want to restore, and Update and Read permissions on the 'Playbook' module.

Using the Recycle Bin

You can use the Recycle Bin to view the soft-deleted records, playbooks, and playbook collections. You can also permanently delete items from the recycle bin, restore selected records, or empty the recycle bin.

Click the Recycle Bin icon in the left navigation pane to display the Recycle Bin page with all the soft-deleted records. You can perform the following operations in the recycle bin:

  • To search for specific records, click the Search icon and type the keywords in the search box. You can also filter records by typing the filter term, tag, or selecting the option in the first row of the record listing.
  • To permanently delete all records that belong to the same module, from the Select a module drop-down list, select the module whose records you want to delete, and click Permanently Delete All <Module Name> Records. In our example, we have selected the 'Playbooks' module.
    Recycle Bin page
    Note: The Select a module drop-down list displays the 'Playbooks' and 'Playbook Collections' options since by default the soft deletion of records for these modules is enabled. This drop-down list also displays all the other modules for which soft deletion has been enabled as is the case with the 'Alerts' module in our example.

  • To permanently delete one record or more specific records, select the module to which the record belongs from the Select a module drop-down list. Then, select the record or records you want to delete and click Delete Permanently.
    Recycle bin page with individual records seleted to restore or permanently delete those records

  • Similarly, to restore one or more specific records, select the module to which the record belongs from the Select a module drop-down list. Then, select the record or records you want to restore and click Restore.
    • Records are restored with its existing relations. For example, if you have moved an alert that was related to an indicator to the recycle bin, then that alert will no longer be linked to that indicator record. If you then choose to restore that alert, then the alert gets linked back to the same indicator record.
    • In the case of playbooks, if you want to restore a playbook from a playbook collection, then the collection containing those playbooks is restored. For example, if you have a 'Demo' collection containing 3 playbooks, A, B, and C that you move to the recycle bin, and then restore B from the recycle bin, the Demo collection containing the B playbook gets restored.
    • In the case of MSSP environments, if both the master and tenant systems have enabled recycle bin on a specific module, then any record that is moved to the recycle bin on the master node also gets moved to the recycle bin on the tenant nodes. However, if only the master or any tenant enables the recycle bin and not vice-versa, then if a record is deleted from the master who has enabled the recycle bin but not the tenant, then the record gets permanently deleted from the tenant. If the same record is restored on the master, then the record also gets replicated back on the tenant node, however at this time on the record will be created as a new record on the tenant side
  • To clear the Recycle Bin, i.e., permanently delete all records in the recycle bin, click Empty Recycle Bin.

Behavior of Recycle Bin in the case of MSSP environments

Note

In the case of MSSP environments, if any module is enabled for the Recycle Bin, then it is recommended that it should be enabled on both the master and tenant systems.

In the case of MSSP environments, if both the master and tenant systems have enabled recycle bin on a specific module, then any record that is moved to the recycle bin on the master node also gets moved to the recycle bin on the tenant nodes. However, if only the master or any tenant enables the recycle bin and not vice-versa, and if a record is deleted from the master (who has enabled the recycle bin) then that record gets permanently deleted from the tenants (who have not enabled the recycle bin. Similarly, if a record is restored on the master, then the record also gets replicated back on the tenant nodes; however, the record gets created as a new record on the tenant side.

Also, if on the master node a module is marked to be enabled for the recycle bin, and the master pushes this module to the tenants, then that module gets enabled for the recycle bin also at the tenants' end.

Previous
Next