Fortinet black logo

User Guide

Queue and Shift Management

Copy Link
Copy Doc ID 90cc14aa-4eaa-11ed-9d74-fa163e15d75b:965289
Download PDF

Queue and Shift Management

Queues provide managers a view that answers questions like, "what are my resources working on currently?", "how many tasks are pending?", and "do any tasks require reallocation?". Queues provide users a view that answers questions like "what is my work?", "how much of my work is pending?", and "what is the priority of my tasks?".

Using Queues and Shifts you can automatically assign records to users within a particular queue. For assignment automation, queues and shifts can be explained as follows:

Queues:

  • A list of records assigned using the criteria you have defined.

  • When a record is added to a queue, it is also assigned to a user based on the criteria that you have set for assignment of records.

Shifts:

  • A set of users available for assignment at certain times of the day and certain days of the week.

  • Records are not assigned to a shift rather, they are assigned to individual users using queues but, with the requirement that the users must be on shift.

Note

It is highly recommended that you use the 'Assignment' feature in place of queue management, which has been deprecated from release 7.2.0. The legacy queue management page has been deprecated as automated record assignments were not supported in Queue Management.

In release 7.2.0, automation has been added as a central function of queue and shift management to include the ability to auto-assign the following:

  • New records to queue based on custom filters such as type, severity, etc you have defined.

  • Records to individual users within a queue using methods such as round-robin or to queue or shift leaders.

  • Records to new assignees based on shift changes (shift handover) or other criteria such as how long the record has remained open, etc.

Note

A queue leader is any active user or queue member to whom records can assign records. Any active user, even those who do not have permissions on queues and shifts, can be added as queue members or queue leaders for default assignment of records.

Permissions required for working with queues and shifts

  • To manage with queues and shifts you must have Create, Read, Update, and Delete permissions on the Queues and Shifts modules, and Read permission on the People module.
  • To view queues and shifts you must have Read permission on the Queues, Shifts, and People modules.
  • Any team that is added as an owner of the queue, must be linked to appliance "Playbook". If not, queue assignment will not work for that team.

Prerequisites to automating assignments

Before you can automate assignments and use queue and shift management, you must ensure that the module whose records you want to auto-assign using queues is 'Queueable', i.e., while creating or configuring queues, the module must be displayed as an option for auto-assignment.

Note

By default, the 'Alerts', 'Incidents', and 'Task' modules are 'Queueable'.

To use queue and shift management, follow the given steps to make a module 'Queueable'. In the following example, we are making the 'Events' module 'Queueable'

  1. User must be assigned the role that has Create, Read, Update, and Delete (CRUD) permissions on the Application module.
  2. Click Settings and click Modules in the Application Editor section, to open the Module Editor.
  3. On the Modules > Summary page, from the Select a module to edit or create a new module drop-down list, select the module that you want to make queueable.
    For example, select Events.
  4. In the Additional Setting section, select Queueable.
  5. Click Save and Publish the module.
    Once the module has been published, you can associate records of the Events module with queues.

Managing queues and shifts

To automate assignments, you have to create queues and generate shifts.

Creating Queues

Permissions required for creating queues:

  • User must be assigned the role that has Create, Read, Update, and Delete (CRUD) permissions on the Queues module and at the minimum Read permissions on the Applications module.

  • Appropriate permissions to any module whose records you want to associate with queue must be added to the 'Playbook' appliance for queues to work on that module. For example, if you have a custom module, 'CustModule1', then ensure that you assign a role with appropriate permissions on 'CustModule1' to the 'Playbook Appliance'.
  • In addition to the above permissions, it is also good to have Read permissions on the Security module as then it becomes possible to add teams as queue owners, and then add the whole team as a shift or queue member all at once.

To create queues, do the following:

  1. Click Queues & Shift Management in the left navigation bar to open the Queue & Shift Management page.
  2. To create a new queue, click Create New Queue to open the Create New Queue Wizard.
  3. In the Create New Queue Wizard, on the Queue Definition screen, define the queue:
    1. To create the queue in the 'Active' state, ensure that Active is selected for Queue Status.
    2. In the Queue Name field, enter a name that describes the queue. For example, if you are creating a queue for automatic assignment of alert records, then you can name the queue as 'Alerts Queue.'
    3. In the Queue Description field, enter the description of the queue. For our example, you can enter Queue for automatically assigning alerts.
    4. From the Module Types list, select the modules whose records you want to associate with this queue.
      Note: Only modules that are marked as Queueable will be listed in this drop-down list. By default, the 'Alerts', 'Incidents', and 'Tasks' are marked as 'Queueable.'
      For our example, select Alerts and then click Add:
      Create New Queue Wizard: Queue Definition screen
    5. Once you have completed providing the basic details for the queue, click Next: Define Rules.
  4. On the Define Queue Rules screen, define the rules for adding records to this queue.
    To add a rule, click Add Rule, which displays a Rule Block:
    1. In the Rule Name field, enter a name that describes the rule. For example, if you want to assign only High and Critical alerts to this queue, then you can name the rule as 'Rule for High and Critical Alerts.'
    2. From When Record Type list, select the record type to associate with the queue. For our example, since we have chosen only the 'Alerts' module, only 'Alerts' is present in the When Record Type list.
      By default, rules are added for the 'Creation' action, i.e., when the selected record type, 'Alert' is 'Created', they are assigned to the queue.
    3. Define additional criteria to the default rule. For example, if you want to assign only High or Critical Alerts to the queue, then you can define the criteria as:
      1. From the Logical Operation drop-down list, select the Any of the below is True (OR) operator.
      2. Click Add Condition and then add the following conditions:
        Severity Equals High
        Severity Equals Critical

        Adding criteria for the default rule
    4. From the Set Priority For When Multiple Queues Match Their Conditions list, select the priority of this queue. By default, it is set to Very Low. Priority for queues is useful when a record matches rules of multiple queues, in which case it will be added to queue with highest priority.
    5. You can also add more rules for the assignment of records to the queue by clicking Add Rule to display a new Rule Block. For example, if you want to assign alerts to this queue when particular fields are updated, do the following:
      1. In the Rule Name field, enter a name that describes the rule. For example, 'Rule for Updated Alerts.'
      2. From When Record Type list, select the record type to associate with the queue. For our example, since we have chosen only the 'Alerts' module, only 'Alerts' is present in the When Record Type list, and select the action as Updated option.
      3. From the Select Record Fields to Monitor For Updates list, select the fields, which when updated, should move the records to the queue. For example, select Severity, Type, and Response Due Date.
      4. Define the criteria for the assignment of alerts to this queue. For example, if you want to move alerts to this queue only if their severity is updated to high critical or if their response due date is in 4 hours, then add the following criteria:
        1. From the Logical Operation drop-down list, select the Any of the below is True (OR) operator.
        2. Click Add Condition and then add the following conditions:
          Severity Equals High
          Severity Equals Critical
          Response Due Date On or Before 4 hours From now

          Create New Queue Wizard: Defining Rules for Updated alerts to be assigned to the Queue
      5. From the Set Priority For When Multiple Queues Match Their Conditions list, select the priority of this queue. By default, it is set to Very Low. Priority for queues is useful when a record matches rules of multiple queues, in which case it will be added to queue with highest priority.
        Similarly, you can define additional rules for the assignment of alerts or other record types such as Incidents to the queue.
      6. Once you have completed defining rules you can click Next: Define Members.
  5. On the Queue Members screen, select the members and optionally the queue leader of the queue as follows:
    1. In the Queue Members and Ownership section, you can choose to add members of the queue as individual Users or add a Team. If you choose to add a team, then all users who are part of that team get added as members of the queue. To add queue members from the Add records by drop-down list, select Users or Teams. Based on your choice, a list of users or teams gets populated in the Select users or Select teams list. Select the users or teams that you want to add as members to this queue and click Add.
      Note: The Select users and Select teams lists display only active users.
      To remove users, select the users that you want to remove and click Remove.
    2. Optionally, from the Queue Leader list, you can select the user who you want to assign as a queue leader.
      Note: The queue leader can also be a queue member. To change the queue leader, from the Queue Leader drop-down list select another user, or to remove the queue leader, click Clear.
      Create New Queue Wizard: Queue Members
    3. Optionally, from the Queue Owners list, you can select the teams that you want to assign as the owners of the queue and click Add.
    4. Select the Update Record Ownership To Match Queue checkbox to add the teams who are associated with the queue as owners of the record, when the record moves to this queue. This ensures that team members can view the records that are assigned to the queue.
      Once you have defined queue membership, click Next: Configure User Assignment.
  6. On the User Assignment screen, define how records are to be individually assigned to users. In the User Assignment Preferences section, define the following:
    1. From the Assignment Method drop-down list, choose the method of assignment. You can choose between Assign to Queue Lead, Round Robin, or Assign to Nobody.
      Assign to Nobody: Records user assignment field is left blank.
      Assign to Queue Lead: Records get assigned to the Queue Lead.
      Note: Select the Enable Shift-Based Round Robin Assignment checkbox to ensure that records get assigned only to members who are currently on shift. If you select the Enable Shift-Based Assignment checkbox, then select the user who would be assigned records if the queue lead is not on shift. You can select between Nobody (leave blank) or Current Shift Lead.
      Round Robin: Each new record in the queue is automatically assigned to different queue members sequentially until the last queue member is reached, and then it restarts with the first member.
      Note: Select the Enable Shift-Based Assignment checkbox to ensure that records get assigned only to members who are currently on shift. If you select the Enable Shift-Based Assignment checkbox, then select the user who would be assigned records if queue members are not on shift. You can select between Nobody (leave blank), Queue Lead, or Current Shift Lead.
      Create New Queue Wizard: Assignment of records to individual users
      Once you have completed defining how records are to be individually assigned to users click Save and Close to complete creating the queue. This adds the newly created queue to the Queue Management page:
      Created Queue added to the Queue Management page

On the Queue Management page, you can view existing queues and also click the Settings icon to view or change the queue management settings. You can perform various actions in the queue's record such as:

  • To view the details of the queue, including the records assigned to that queue, members of the queue, etc., click the View icon.
  • To change or edit an existing queue, click the Edit icon.
  • To delete the queue, click the Delete icon.

Queue Management Settings

You can define various settings for queue management including, defining the global criteria for the removal of records from all the queues and how records are displayed in all the queues. To edit queue management settings, do the following:

  1. On the Queue Management page, click the Settings icon () to display the Queue Management Settings dialog.
  2. On the Automatic Queue Exit Criteria tab, you will see the modules whose records you can auto-assign using queues. By default, the 'Alerts', 'Incidents' and 'Tasks' modules are visible. Use this tab to define the criteria for the removal of records from all the queues of the modules. For our example, we will define the criteria for removing 'Alert' records:
    1. In the Alerts section, select the Enable Automatic Queue Exit checkbox.
    2. In the Define how Alerts will be removed from a queue section, in the Select record fields to monitor for updates field, select the fields, which when updated would remove the alert records from all the queues. For example, select Status and Severity.
    3. In the Set Conditions section, add the conditions which when met would automatically remove the record from queues. For example, if you also want to remove alert records from all queues when the Status of the Alert is closed or when their severity is 'Minimal', do the following:
      1. From the Logical Operation drop-down list, retain the selection of Any of the below is True (OR) operator.
      2. Click Add Condition and add the following condition:
        Status Equals Closed
        Severity Equals Minimal

        Global Queue Retention Settings Definition
  3. Click the Grid Display Settings tab to define how the card for records is displayed in all the queues. For our example, we will define how cards for 'Alert' records are displayed in queues. From the Column list select the fields that you should be added to the alert card in the queue and then click Add. For example, select and add fields such as ID, Name, Type, Created On, Source, etc.:
    Queue Management Settings: Card Display Settings
  4. Click the Assignment Fields tab to view or change the field that is used for the assignment of records for each queueable module. By default, the 'Alerts', 'Incidents' and 'Tasks' modules are visible. For example, if in case of alerts you have defined two fields that are used for assigning records to users Assigned To (default) and User Assignment, then you can select either one of them as the assignee field for the record:
    Queue Management Settings - Assigning Users for Records
  5. Once you have completed updating the queue management settings, click Save and Close.

Working with Queues

On the Queue Management page, you can see existing queues. To view details of the queue such as records that are assigned to the queue, members of the queue, etc., click the View icon in a queue record. In the following image the Alerts Queue is the active queue whose details, i.e., records assigned to the queue and members of the queues are displayed:
Details of an active queue

The list of alert records that are assigned to this queue is displayed in the Queue Records tab. Each alert record in the list is displayed as defined in Queue Management Settings, i.e., these settings define which fields are displayed in the alert record and how they are displayed. Also, as defined in the queue rules (in our example), alerts that are created are assigned to users who are part of the queue and are in that shift using the round-robin assignment method.
To view the details of a record, or to reassign a record, click the alert record in the alerts list grid, which opens the detail view of the record in which you can manually assign records to individual users or queues. For more information on the detail and list view of records, see the Working with Modules - Alerts & Incidents chapter.

To delete records from the queue, select that record and click Remove Link.

To view the members of the active queue, click the Queue Members tab:
Queue Details - Viewing Queue Members

You can also perform operations on the records from their respective views. For example, to manually reassign an alert record to another user or queue, you can click the alert record, and update the Assigned To or Queue fields. Similarly, to bulk assign records to different queues, click the Change Queue option in the record list view as shown in the following image:
Alerts List View - Change Queue Option
As shown in the above image, the records have been assigned to the 'Alerts Queue'; however, if you want to assign some records to another queue, for example, 'Alerts Assignments New', then you can select the records, click Change Queue, and select the Alerts Assignment New queue. The selected records then move to the 'Alerts Assignments New' queue. For more information on the detail and list view of records, see the Working with Modules - Alerts & Incidents chapter.

Note

You can export or import Queues and Shifts using the FortiSOAR Export and Import Wizards. Queues and Shifts are exported as records and the configuration of the Queue Management page is exported using the System View Template. While exporting Queues or Shifts, ensure that you select Queues and Shifts modules as well as their records in the Export Wizard. For more information on the Export and Import Wizards see the Application Editor chapter in the "Administration Guide."

Working with Shifts

Permissions required

  • To generate and delete shifts, the user must be assigned the role that has Create, Read, Update, and Delete (CRUD) permissions on the Shifts module and at the minimum Read permissions on the Applications module.
  • To view the shift roaster, you need Read permissions on the Shifts module and at the minimum Read permissions on the Applications module.

Generating Shifts

Queues and Shifts work together for the assignment of records. To create shifts, do the following:

  1. Click Queues & Shift Management in the left navigation bar, then click the Shift Management tab.
  2. To add shifts, on the Shift Management page, click Generate Shifts.
  3. In the Generate Shifts dialog add the following:
    1. In the Shift Name field, add the name of the shift. For example, Morning Shift.
    2. In the Start Time field, select the time (in the 24-hour format) from when the shift will start. For example, 5:00 (for 5 am).
    3. From the Timezone field, search and select the time zone in which you want to apply the generated shift times.
    4. In the Duration (Hours) field, enter the duration of the shift in hours. You can enter the minutes in the Duration (Minutes) field. For example, if the shift is 8 hours, enter 8 in the Duration (Hours) field and 0 in the Duration (Minutes) field. However, if the shift is of 8 hours 30 minutes, then enter 8 in the Duration (Hours) field and 30 in the Duration (Minutes) field.
    5. In the Days Of The Week section, select the workweek, i.e., the days of the week for your organization. By default, Monday to Friday are selected. However, you can select the workdays according to the region as well, for example, Sunday to Thursday is the workweek in some Middle Eastern countries.
    6. From the Starting On date field, select the date from when you want to start the shift.
    7. In the # Of Weeks To Generate field, enter the number of weeks for which you want to generate this shift. For example, you might want to generate a shift for 6 months, in regions where daylight saving is applicable. Since you will need to change the shift timings every 6 months. To generate the shift for 6 months, enter 26 weeks.
    8. From the Add Shift Members By section, you can choose to add individual users or teams to the shift. If you choose to add a team, then all users who are part of that team get added to the shift. To add users to the shift from the Users drop-down list, select Users or Teams. Based on your choice, a list of users or teams gets populated in the Select users or Select teams list. Select the users or teams that you want to add as members to this queue and click Add.
      Note: The Select users and Select teams lists display only active users.
    9. From the Shift Leader drop-list, select the user who is assigned as the leader of this shift.
    10. Click Generate to generate this shift (Morning Shift).
      Generate Shifts Dialog

This adds the shift roster on the Shift Management page:
Shift Management Page-Shift Roster

To view shifts older or historical shifts, click View Shifts From and select a date on the calendar.
To view the list of users that are part of a shift, click the Edit icon on the shift record to open its detail view. In the Related Records section, on the Users tab, you can view the list of users who are part of that particular shift:
Shift Detail View

To add existing users to the shift, click Link, to open the Link People dialog, in which you can select users to add to the shift, and then click Save Relationship. Similarly, to remove users from the shift, select the users and then click Remove Link.
To delete a record for a particular shift, either click the Delete icon on the grid view of the record or click the Delete Record button on the detail view of the record and click OK on the confirmation dialog. To export a shift record in the CSV or PDF format, click the Export Record button in the details view of the shift record.
You can also edit some details of the shift by clicking the Edit Record button in the details view of the shift record. Details of the shift that you can change are the leader of the shift, the name of the shift, the starting and ending date and time of the shift, and you also can optionally add tags for the shift:
Editing details of a shift

Deleting Shifts in bulk

To delete shifts in bulk and based on some condition, click the Delete Shifts button. In the Delete Shifts By Condition dialog, enter the criteria based on which you want to delete the shifts. By default, a condition for deleting shifts that existed in the past is added. In addition to the same, if for example, your organization has removed the Evening Shift, then you can add a condition such as Name Equals Evening Shift and click Delete:
Delete shift by condition dialog

Click Confirm on the confirmation dialog to delete all the records associated with the 'Evening Shift.'

Initiating Shift Handovers

You can also define rules for shift handovers, i.e., based on the specified criteria, the filtered items would be handed over or reassigned to the members of the next shift.

For example, a queue leader is working in the 'General Shift' might want to reassign all Alerts whose status is not 'Closed' and whose Severity is 'Critical' or whose 'Response Due Date' is in or less than 6 hours to members of the 'Evening Shift'. To initiate shift handovers:

  1. Click Queues & Shift Management in the left navigation bar, then click the Shift Management tab.
  2. Click Initiate Shift Handover.
  3. In the Shift Handover slider, define the rules for shift handover:
    1. From the Select Which Shift To Reassign Records From drop-down list, select the shift whose records you want to hand over. For example, Morning Shift (ended about 3 hours ago).
    2. From the Reassign Records To This Shift drop-down list, select Evening Shift (starts in about 5 hours from now)
    3. From the Assign Records To list, select to whom you want to assign the records. You can choose to assign the records to the manager of the shift to which you are handing over the records, Shift Manager or assign the records in the Round Robin method, or choose to not assign the records to anyone, Nobody (leave blank).
  4. The Define criteria to limit records to assign section displays all the modules whose records you can auto-assign using queues. For our example, click the down (v) arrow in the Alerts row, and define the criteria as follows:
    1. Click the Include in handover checkbox to include the records in the handover based on the defined conditions.
    2. Add the conditions based on which you want to assign records to members of the selected shift. For our example, click Add Condition and then enter the condition Status Not Equals Closed.
      Next, click Add Conditions Group, select the OR operator and add the following conditions:
      Severity Equals Critical
      Response Due Date On or Before 6 hours from now
      Similarly, you can define criteria for other modules whose records you can auto-assign using queues.
  5. From the Only Include Records Created In The field, choose Relative or Custom and then select the number of days to be considered for alert creation while handing over alerts to different shifts.
  6. In the Add Comment To Reassigned Records, you can add a note, for example, Reassigned via shift handover that gets added as a comment in the records.
    Defining Shift Handovers
  7. To initiate the shift handover, click Initiate Shift Handover.
    This begins the process of reassigning records to the shift and FortiSOAR displays a toaster message containing the number of records that were reassigned to the specified shift. When you open the detail view of records that were re-assigned using shift handover, you will see the comment, for example, Reassigned via shift handover added to the record.

Queue and Shift Management

Queues provide managers a view that answers questions like, "what are my resources working on currently?", "how many tasks are pending?", and "do any tasks require reallocation?". Queues provide users a view that answers questions like "what is my work?", "how much of my work is pending?", and "what is the priority of my tasks?".

Using Queues and Shifts you can automatically assign records to users within a particular queue. For assignment automation, queues and shifts can be explained as follows:

Queues:

  • A list of records assigned using the criteria you have defined.

  • When a record is added to a queue, it is also assigned to a user based on the criteria that you have set for assignment of records.

Shifts:

  • A set of users available for assignment at certain times of the day and certain days of the week.

  • Records are not assigned to a shift rather, they are assigned to individual users using queues but, with the requirement that the users must be on shift.

Note

It is highly recommended that you use the 'Assignment' feature in place of queue management, which has been deprecated from release 7.2.0. The legacy queue management page has been deprecated as automated record assignments were not supported in Queue Management.

In release 7.2.0, automation has been added as a central function of queue and shift management to include the ability to auto-assign the following:

  • New records to queue based on custom filters such as type, severity, etc you have defined.

  • Records to individual users within a queue using methods such as round-robin or to queue or shift leaders.

  • Records to new assignees based on shift changes (shift handover) or other criteria such as how long the record has remained open, etc.

Note

A queue leader is any active user or queue member to whom records can assign records. Any active user, even those who do not have permissions on queues and shifts, can be added as queue members or queue leaders for default assignment of records.

Permissions required for working with queues and shifts

  • To manage with queues and shifts you must have Create, Read, Update, and Delete permissions on the Queues and Shifts modules, and Read permission on the People module.
  • To view queues and shifts you must have Read permission on the Queues, Shifts, and People modules.
  • Any team that is added as an owner of the queue, must be linked to appliance "Playbook". If not, queue assignment will not work for that team.

Prerequisites to automating assignments

Before you can automate assignments and use queue and shift management, you must ensure that the module whose records you want to auto-assign using queues is 'Queueable', i.e., while creating or configuring queues, the module must be displayed as an option for auto-assignment.

Note

By default, the 'Alerts', 'Incidents', and 'Task' modules are 'Queueable'.

To use queue and shift management, follow the given steps to make a module 'Queueable'. In the following example, we are making the 'Events' module 'Queueable'

  1. User must be assigned the role that has Create, Read, Update, and Delete (CRUD) permissions on the Application module.
  2. Click Settings and click Modules in the Application Editor section, to open the Module Editor.
  3. On the Modules > Summary page, from the Select a module to edit or create a new module drop-down list, select the module that you want to make queueable.
    For example, select Events.
  4. In the Additional Setting section, select Queueable.
  5. Click Save and Publish the module.
    Once the module has been published, you can associate records of the Events module with queues.

Managing queues and shifts

To automate assignments, you have to create queues and generate shifts.

Creating Queues

Permissions required for creating queues:

  • User must be assigned the role that has Create, Read, Update, and Delete (CRUD) permissions on the Queues module and at the minimum Read permissions on the Applications module.

  • Appropriate permissions to any module whose records you want to associate with queue must be added to the 'Playbook' appliance for queues to work on that module. For example, if you have a custom module, 'CustModule1', then ensure that you assign a role with appropriate permissions on 'CustModule1' to the 'Playbook Appliance'.
  • In addition to the above permissions, it is also good to have Read permissions on the Security module as then it becomes possible to add teams as queue owners, and then add the whole team as a shift or queue member all at once.

To create queues, do the following:

  1. Click Queues & Shift Management in the left navigation bar to open the Queue & Shift Management page.
  2. To create a new queue, click Create New Queue to open the Create New Queue Wizard.
  3. In the Create New Queue Wizard, on the Queue Definition screen, define the queue:
    1. To create the queue in the 'Active' state, ensure that Active is selected for Queue Status.
    2. In the Queue Name field, enter a name that describes the queue. For example, if you are creating a queue for automatic assignment of alert records, then you can name the queue as 'Alerts Queue.'
    3. In the Queue Description field, enter the description of the queue. For our example, you can enter Queue for automatically assigning alerts.
    4. From the Module Types list, select the modules whose records you want to associate with this queue.
      Note: Only modules that are marked as Queueable will be listed in this drop-down list. By default, the 'Alerts', 'Incidents', and 'Tasks' are marked as 'Queueable.'
      For our example, select Alerts and then click Add:
      Create New Queue Wizard: Queue Definition screen
    5. Once you have completed providing the basic details for the queue, click Next: Define Rules.
  4. On the Define Queue Rules screen, define the rules for adding records to this queue.
    To add a rule, click Add Rule, which displays a Rule Block:
    1. In the Rule Name field, enter a name that describes the rule. For example, if you want to assign only High and Critical alerts to this queue, then you can name the rule as 'Rule for High and Critical Alerts.'
    2. From When Record Type list, select the record type to associate with the queue. For our example, since we have chosen only the 'Alerts' module, only 'Alerts' is present in the When Record Type list.
      By default, rules are added for the 'Creation' action, i.e., when the selected record type, 'Alert' is 'Created', they are assigned to the queue.
    3. Define additional criteria to the default rule. For example, if you want to assign only High or Critical Alerts to the queue, then you can define the criteria as:
      1. From the Logical Operation drop-down list, select the Any of the below is True (OR) operator.
      2. Click Add Condition and then add the following conditions:
        Severity Equals High
        Severity Equals Critical

        Adding criteria for the default rule
    4. From the Set Priority For When Multiple Queues Match Their Conditions list, select the priority of this queue. By default, it is set to Very Low. Priority for queues is useful when a record matches rules of multiple queues, in which case it will be added to queue with highest priority.
    5. You can also add more rules for the assignment of records to the queue by clicking Add Rule to display a new Rule Block. For example, if you want to assign alerts to this queue when particular fields are updated, do the following:
      1. In the Rule Name field, enter a name that describes the rule. For example, 'Rule for Updated Alerts.'
      2. From When Record Type list, select the record type to associate with the queue. For our example, since we have chosen only the 'Alerts' module, only 'Alerts' is present in the When Record Type list, and select the action as Updated option.
      3. From the Select Record Fields to Monitor For Updates list, select the fields, which when updated, should move the records to the queue. For example, select Severity, Type, and Response Due Date.
      4. Define the criteria for the assignment of alerts to this queue. For example, if you want to move alerts to this queue only if their severity is updated to high critical or if their response due date is in 4 hours, then add the following criteria:
        1. From the Logical Operation drop-down list, select the Any of the below is True (OR) operator.
        2. Click Add Condition and then add the following conditions:
          Severity Equals High
          Severity Equals Critical
          Response Due Date On or Before 4 hours From now

          Create New Queue Wizard: Defining Rules for Updated alerts to be assigned to the Queue
      5. From the Set Priority For When Multiple Queues Match Their Conditions list, select the priority of this queue. By default, it is set to Very Low. Priority for queues is useful when a record matches rules of multiple queues, in which case it will be added to queue with highest priority.
        Similarly, you can define additional rules for the assignment of alerts or other record types such as Incidents to the queue.
      6. Once you have completed defining rules you can click Next: Define Members.
  5. On the Queue Members screen, select the members and optionally the queue leader of the queue as follows:
    1. In the Queue Members and Ownership section, you can choose to add members of the queue as individual Users or add a Team. If you choose to add a team, then all users who are part of that team get added as members of the queue. To add queue members from the Add records by drop-down list, select Users or Teams. Based on your choice, a list of users or teams gets populated in the Select users or Select teams list. Select the users or teams that you want to add as members to this queue and click Add.
      Note: The Select users and Select teams lists display only active users.
      To remove users, select the users that you want to remove and click Remove.
    2. Optionally, from the Queue Leader list, you can select the user who you want to assign as a queue leader.
      Note: The queue leader can also be a queue member. To change the queue leader, from the Queue Leader drop-down list select another user, or to remove the queue leader, click Clear.
      Create New Queue Wizard: Queue Members
    3. Optionally, from the Queue Owners list, you can select the teams that you want to assign as the owners of the queue and click Add.
    4. Select the Update Record Ownership To Match Queue checkbox to add the teams who are associated with the queue as owners of the record, when the record moves to this queue. This ensures that team members can view the records that are assigned to the queue.
      Once you have defined queue membership, click Next: Configure User Assignment.
  6. On the User Assignment screen, define how records are to be individually assigned to users. In the User Assignment Preferences section, define the following:
    1. From the Assignment Method drop-down list, choose the method of assignment. You can choose between Assign to Queue Lead, Round Robin, or Assign to Nobody.
      Assign to Nobody: Records user assignment field is left blank.
      Assign to Queue Lead: Records get assigned to the Queue Lead.
      Note: Select the Enable Shift-Based Round Robin Assignment checkbox to ensure that records get assigned only to members who are currently on shift. If you select the Enable Shift-Based Assignment checkbox, then select the user who would be assigned records if the queue lead is not on shift. You can select between Nobody (leave blank) or Current Shift Lead.
      Round Robin: Each new record in the queue is automatically assigned to different queue members sequentially until the last queue member is reached, and then it restarts with the first member.
      Note: Select the Enable Shift-Based Assignment checkbox to ensure that records get assigned only to members who are currently on shift. If you select the Enable Shift-Based Assignment checkbox, then select the user who would be assigned records if queue members are not on shift. You can select between Nobody (leave blank), Queue Lead, or Current Shift Lead.
      Create New Queue Wizard: Assignment of records to individual users
      Once you have completed defining how records are to be individually assigned to users click Save and Close to complete creating the queue. This adds the newly created queue to the Queue Management page:
      Created Queue added to the Queue Management page

On the Queue Management page, you can view existing queues and also click the Settings icon to view or change the queue management settings. You can perform various actions in the queue's record such as:

  • To view the details of the queue, including the records assigned to that queue, members of the queue, etc., click the View icon.
  • To change or edit an existing queue, click the Edit icon.
  • To delete the queue, click the Delete icon.

Queue Management Settings

You can define various settings for queue management including, defining the global criteria for the removal of records from all the queues and how records are displayed in all the queues. To edit queue management settings, do the following:

  1. On the Queue Management page, click the Settings icon () to display the Queue Management Settings dialog.
  2. On the Automatic Queue Exit Criteria tab, you will see the modules whose records you can auto-assign using queues. By default, the 'Alerts', 'Incidents' and 'Tasks' modules are visible. Use this tab to define the criteria for the removal of records from all the queues of the modules. For our example, we will define the criteria for removing 'Alert' records:
    1. In the Alerts section, select the Enable Automatic Queue Exit checkbox.
    2. In the Define how Alerts will be removed from a queue section, in the Select record fields to monitor for updates field, select the fields, which when updated would remove the alert records from all the queues. For example, select Status and Severity.
    3. In the Set Conditions section, add the conditions which when met would automatically remove the record from queues. For example, if you also want to remove alert records from all queues when the Status of the Alert is closed or when their severity is 'Minimal', do the following:
      1. From the Logical Operation drop-down list, retain the selection of Any of the below is True (OR) operator.
      2. Click Add Condition and add the following condition:
        Status Equals Closed
        Severity Equals Minimal

        Global Queue Retention Settings Definition
  3. Click the Grid Display Settings tab to define how the card for records is displayed in all the queues. For our example, we will define how cards for 'Alert' records are displayed in queues. From the Column list select the fields that you should be added to the alert card in the queue and then click Add. For example, select and add fields such as ID, Name, Type, Created On, Source, etc.:
    Queue Management Settings: Card Display Settings
  4. Click the Assignment Fields tab to view or change the field that is used for the assignment of records for each queueable module. By default, the 'Alerts', 'Incidents' and 'Tasks' modules are visible. For example, if in case of alerts you have defined two fields that are used for assigning records to users Assigned To (default) and User Assignment, then you can select either one of them as the assignee field for the record:
    Queue Management Settings - Assigning Users for Records
  5. Once you have completed updating the queue management settings, click Save and Close.

Working with Queues

On the Queue Management page, you can see existing queues. To view details of the queue such as records that are assigned to the queue, members of the queue, etc., click the View icon in a queue record. In the following image the Alerts Queue is the active queue whose details, i.e., records assigned to the queue and members of the queues are displayed:
Details of an active queue

The list of alert records that are assigned to this queue is displayed in the Queue Records tab. Each alert record in the list is displayed as defined in Queue Management Settings, i.e., these settings define which fields are displayed in the alert record and how they are displayed. Also, as defined in the queue rules (in our example), alerts that are created are assigned to users who are part of the queue and are in that shift using the round-robin assignment method.
To view the details of a record, or to reassign a record, click the alert record in the alerts list grid, which opens the detail view of the record in which you can manually assign records to individual users or queues. For more information on the detail and list view of records, see the Working with Modules - Alerts & Incidents chapter.

To delete records from the queue, select that record and click Remove Link.

To view the members of the active queue, click the Queue Members tab:
Queue Details - Viewing Queue Members

You can also perform operations on the records from their respective views. For example, to manually reassign an alert record to another user or queue, you can click the alert record, and update the Assigned To or Queue fields. Similarly, to bulk assign records to different queues, click the Change Queue option in the record list view as shown in the following image:
Alerts List View - Change Queue Option
As shown in the above image, the records have been assigned to the 'Alerts Queue'; however, if you want to assign some records to another queue, for example, 'Alerts Assignments New', then you can select the records, click Change Queue, and select the Alerts Assignment New queue. The selected records then move to the 'Alerts Assignments New' queue. For more information on the detail and list view of records, see the Working with Modules - Alerts & Incidents chapter.

Note

You can export or import Queues and Shifts using the FortiSOAR Export and Import Wizards. Queues and Shifts are exported as records and the configuration of the Queue Management page is exported using the System View Template. While exporting Queues or Shifts, ensure that you select Queues and Shifts modules as well as their records in the Export Wizard. For more information on the Export and Import Wizards see the Application Editor chapter in the "Administration Guide."

Working with Shifts

Permissions required

  • To generate and delete shifts, the user must be assigned the role that has Create, Read, Update, and Delete (CRUD) permissions on the Shifts module and at the minimum Read permissions on the Applications module.
  • To view the shift roaster, you need Read permissions on the Shifts module and at the minimum Read permissions on the Applications module.

Generating Shifts

Queues and Shifts work together for the assignment of records. To create shifts, do the following:

  1. Click Queues & Shift Management in the left navigation bar, then click the Shift Management tab.
  2. To add shifts, on the Shift Management page, click Generate Shifts.
  3. In the Generate Shifts dialog add the following:
    1. In the Shift Name field, add the name of the shift. For example, Morning Shift.
    2. In the Start Time field, select the time (in the 24-hour format) from when the shift will start. For example, 5:00 (for 5 am).
    3. From the Timezone field, search and select the time zone in which you want to apply the generated shift times.
    4. In the Duration (Hours) field, enter the duration of the shift in hours. You can enter the minutes in the Duration (Minutes) field. For example, if the shift is 8 hours, enter 8 in the Duration (Hours) field and 0 in the Duration (Minutes) field. However, if the shift is of 8 hours 30 minutes, then enter 8 in the Duration (Hours) field and 30 in the Duration (Minutes) field.
    5. In the Days Of The Week section, select the workweek, i.e., the days of the week for your organization. By default, Monday to Friday are selected. However, you can select the workdays according to the region as well, for example, Sunday to Thursday is the workweek in some Middle Eastern countries.
    6. From the Starting On date field, select the date from when you want to start the shift.
    7. In the # Of Weeks To Generate field, enter the number of weeks for which you want to generate this shift. For example, you might want to generate a shift for 6 months, in regions where daylight saving is applicable. Since you will need to change the shift timings every 6 months. To generate the shift for 6 months, enter 26 weeks.
    8. From the Add Shift Members By section, you can choose to add individual users or teams to the shift. If you choose to add a team, then all users who are part of that team get added to the shift. To add users to the shift from the Users drop-down list, select Users or Teams. Based on your choice, a list of users or teams gets populated in the Select users or Select teams list. Select the users or teams that you want to add as members to this queue and click Add.
      Note: The Select users and Select teams lists display only active users.
    9. From the Shift Leader drop-list, select the user who is assigned as the leader of this shift.
    10. Click Generate to generate this shift (Morning Shift).
      Generate Shifts Dialog

This adds the shift roster on the Shift Management page:
Shift Management Page-Shift Roster

To view shifts older or historical shifts, click View Shifts From and select a date on the calendar.
To view the list of users that are part of a shift, click the Edit icon on the shift record to open its detail view. In the Related Records section, on the Users tab, you can view the list of users who are part of that particular shift:
Shift Detail View

To add existing users to the shift, click Link, to open the Link People dialog, in which you can select users to add to the shift, and then click Save Relationship. Similarly, to remove users from the shift, select the users and then click Remove Link.
To delete a record for a particular shift, either click the Delete icon on the grid view of the record or click the Delete Record button on the detail view of the record and click OK on the confirmation dialog. To export a shift record in the CSV or PDF format, click the Export Record button in the details view of the shift record.
You can also edit some details of the shift by clicking the Edit Record button in the details view of the shift record. Details of the shift that you can change are the leader of the shift, the name of the shift, the starting and ending date and time of the shift, and you also can optionally add tags for the shift:
Editing details of a shift

Deleting Shifts in bulk

To delete shifts in bulk and based on some condition, click the Delete Shifts button. In the Delete Shifts By Condition dialog, enter the criteria based on which you want to delete the shifts. By default, a condition for deleting shifts that existed in the past is added. In addition to the same, if for example, your organization has removed the Evening Shift, then you can add a condition such as Name Equals Evening Shift and click Delete:
Delete shift by condition dialog

Click Confirm on the confirmation dialog to delete all the records associated with the 'Evening Shift.'

Initiating Shift Handovers

You can also define rules for shift handovers, i.e., based on the specified criteria, the filtered items would be handed over or reassigned to the members of the next shift.

For example, a queue leader is working in the 'General Shift' might want to reassign all Alerts whose status is not 'Closed' and whose Severity is 'Critical' or whose 'Response Due Date' is in or less than 6 hours to members of the 'Evening Shift'. To initiate shift handovers:

  1. Click Queues & Shift Management in the left navigation bar, then click the Shift Management tab.
  2. Click Initiate Shift Handover.
  3. In the Shift Handover slider, define the rules for shift handover:
    1. From the Select Which Shift To Reassign Records From drop-down list, select the shift whose records you want to hand over. For example, Morning Shift (ended about 3 hours ago).
    2. From the Reassign Records To This Shift drop-down list, select Evening Shift (starts in about 5 hours from now)
    3. From the Assign Records To list, select to whom you want to assign the records. You can choose to assign the records to the manager of the shift to which you are handing over the records, Shift Manager or assign the records in the Round Robin method, or choose to not assign the records to anyone, Nobody (leave blank).
  4. The Define criteria to limit records to assign section displays all the modules whose records you can auto-assign using queues. For our example, click the down (v) arrow in the Alerts row, and define the criteria as follows:
    1. Click the Include in handover checkbox to include the records in the handover based on the defined conditions.
    2. Add the conditions based on which you want to assign records to members of the selected shift. For our example, click Add Condition and then enter the condition Status Not Equals Closed.
      Next, click Add Conditions Group, select the OR operator and add the following conditions:
      Severity Equals Critical
      Response Due Date On or Before 6 hours from now
      Similarly, you can define criteria for other modules whose records you can auto-assign using queues.
  5. From the Only Include Records Created In The field, choose Relative or Custom and then select the number of days to be considered for alert creation while handing over alerts to different shifts.
  6. In the Add Comment To Reassigned Records, you can add a note, for example, Reassigned via shift handover that gets added as a comment in the records.
    Defining Shift Handovers
  7. To initiate the shift handover, click Initiate Shift Handover.
    This begins the process of reassigning records to the shift and FortiSOAR displays a toaster message containing the number of records that were reassigned to the specified shift. When you open the detail view of records that were re-assigned using shift handover, you will see the comment, for example, Reassigned via shift handover added to the record.