Fortinet black logo

Administration Guide

Incidents

Incidents

To view incidents, go to Event Manager > Incidents > All Incidents.

Raising an incident

You can raise an incident only for alerts for one endpoint.

You can raise an incident in the following ways:

  • In Event Manager > Incidents > All Incidents, click Create New in the toolbar. This opens the Create New Incident pane.
  • In Event Manager > All Events, right-click an event and select Raise Incident. This opens the Raise Incident pane with the applicable fields filled in, such as the Affected Endpoint.

Following is a description of the options available in the Create New Incident and Raise Incident pane.

Incident Reporter

The user name of the person raising the incident. This field cannot be changed.

Incident Category

Select a category from the dropdown list.

Severity

Select a severity level from the dropdown list.

Status

Select a status from the dropdown list.

Affected Endpoint

Select the affected endpoint from the dropdown list.

Description

If you wish, enter a description.

Analyzing an incident

In Event Manager > Incidents > All Incidents, double-click an incident or right-click an incident and select Analysis Page.

The incident analysis page shows the incident's Affected Endpoint and User, Incident Info, and Events related to the incident.

In the Incident Info panel, you can change the Incident Category, Severity, Status, and Description.

Incidents

To view incidents, go to Event Manager > Incidents > All Incidents.

Raising an incident

You can raise an incident only for alerts for one endpoint.

You can raise an incident in the following ways:

  • In Event Manager > Incidents > All Incidents, click Create New in the toolbar. This opens the Create New Incident pane.
  • In Event Manager > All Events, right-click an event and select Raise Incident. This opens the Raise Incident pane with the applicable fields filled in, such as the Affected Endpoint.

Following is a description of the options available in the Create New Incident and Raise Incident pane.

Incident Reporter

The user name of the person raising the incident. This field cannot be changed.

Incident Category

Select a category from the dropdown list.

Severity

Select a severity level from the dropdown list.

Status

Select a status from the dropdown list.

Affected Endpoint

Select the affected endpoint from the dropdown list.

Description

If you wish, enter a description.

Analyzing an incident

In Event Manager > Incidents > All Incidents, double-click an incident or right-click an incident and select Analysis Page.

The incident analysis page shows the incident's Affected Endpoint and User, Incident Info, and Events related to the incident.

In the Incident Info panel, you can change the Incident Category, Severity, Status, and Description.