Alert status and closure
To change the alert status:
- Go to Alerts and click an alert to open it.
- In the Status field, click the edit icon to activate the dropdown, and select a status from the list.
It is strongly recommended that you update the status of alerts and provide a closure note once you have determined that an alert can be closed.
Updating the status and closure notes closes the loop on the alert and helps the Fortinet SOC team understand your needs and improve the service over time.
In Progress: The customer has acknowledged the alert and is investigating.
Confirmed: Customer confirmed the incident and is looking into containment and mitigation.
Closed (Duplicate): Similar escalation received.
Closed (False Positive): Escalation determined to be false positive.
Closed (Risk Accepted): Confirmed but risk is accepted by customer.
Closed (Resolved): Alert closed after responding to incident.
- When you mark an alert as closed, the portal prompts you to enter a closure note, where you can provide additional information about why the alert has been marked closed.
Enter a note in the Closure Notes text field, and click Apply.