Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Attach reports to incidents

You can attach reports to incidents to add historical data in addition to real-time events through one of the following methods:

  • Manually added by an admin after incident creation.
  • Automatically added by SOC automation playbooks. SOC automation is a licensed feature.

Two views are available in the Incident Analysis page:

  • Closed view showing attached reports.
  • Open view showing the content of the report.
To attach reports from Generated Reports:
  1. Go to Reports > Generated Reports.
    Select the report(s) to be attached, right-click on a selected report, and click Attach to Incident.

    The Select an Incident window appears.

  2. Select an incident and click Add to this incident.
To attach reports from the Incident Analysis page:
  1. Go to Incidents & Events/FortiSoC > Incidents and double-click on an incident to view the Incident Analysis page.
  2. On the bottom of the page, click the Report tab.
  3. Click Add.
    The Attach Report window appears with a list of generated reports available for selection.
  4. Select one or more reports and click OK.
    The reports are added to incident as an attachment.
To view reports in the Incident Analysis page:
  1. In the Incident Analysis page, click the Reports tab.
    The list of attached reports is shown and displays basic report information.
  2. Click a format type in the Format column to launch a new tab showing the report's content.
To delete reports from the Incident Analysis page:
  1. In the Incident Analysis page, click the Reports tab.
  2. Select the report(s) to be deleted, and click Delete.
    A confirmation dialog appears.
  3. Click OK.
    The selected reports are deleted from incident.

Attach reports to incidents

You can attach reports to incidents to add historical data in addition to real-time events through one of the following methods:

  • Manually added by an admin after incident creation.
  • Automatically added by SOC automation playbooks. SOC automation is a licensed feature.

Two views are available in the Incident Analysis page:

  • Closed view showing attached reports.
  • Open view showing the content of the report.
To attach reports from Generated Reports:
  1. Go to Reports > Generated Reports.
    Select the report(s) to be attached, right-click on a selected report, and click Attach to Incident.

    The Select an Incident window appears.

  2. Select an incident and click Add to this incident.
To attach reports from the Incident Analysis page:
  1. Go to Incidents & Events/FortiSoC > Incidents and double-click on an incident to view the Incident Analysis page.
  2. On the bottom of the page, click the Report tab.
  3. Click Add.
    The Attach Report window appears with a list of generated reports available for selection.
  4. Select one or more reports and click OK.
    The reports are added to incident as an attachment.
To view reports in the Incident Analysis page:
  1. In the Incident Analysis page, click the Reports tab.
    The list of attached reports is shown and displays basic report information.
  2. Click a format type in the Format column to launch a new tab showing the report's content.
To delete reports from the Incident Analysis page:
  1. In the Incident Analysis page, click the Reports tab.
  2. Select the report(s) to be deleted, and click Delete.
    A confirmation dialog appears.
  3. Click OK.
    The selected reports are deleted from incident.