Alert status and closure

To change the alert status:
  1. Go to Alerts and click an alert to open it.

  2. In the Status field, click the edit icon to activate the dropdown, and select a status from the list.

    Note

    It is strongly recommended that you update the status of alerts and provide a closure note once you have determined that an alert can be closed.

    Updating the status and closure notes closes the loop on the alert and helps the Fortinet SOC team understand your needs and improve the service over time.

    In Progress: The customer has acknowledged the alert and is investigating.

    Confirmed: Customer confirmed the incident and is looking into containment and mitigation.

    Closed (Duplicate): Similar escalation received.

    Closed (False Positive): Escalation determined to be false positive.

    Closed (Risk Accepted): Confirmed but risk is accepted by customer.

    Closed (Resolved): Alert closed after responding to incident.

  3. When marking an alert as closed, the portal prompts you to enter a closure note allowing you to provide additional information about why the alert has been marked closed.
    Enter a note in the Closure Notes text field, and click Apply.
