User Guide

Rule Tags

FortiSIEM offers system-level tags that are linked to the appropriate system rules. These tags can be used to locate incidents and cases where a rule with an associated tag was triggered. You can also create user-defined tags and associate them with rules that trigger incidents. After creating a user-defined tag, associate it with a rule (see Creating a Rule: Step 3: Define Actions). Once this is configured, you can view tags on the Incidents page or Cases page in any of the following ways:

  • View tag(s) on the Incidents List View or Cases List View page under the Tag column.
  • Search for tag-related incidents by including Incident Tag as part of your search.
  • Search for tag-related cases by including Tag as part of your search.
  • Select an incident or case and view tag(s) in the Incident or Case sidebar.

The following topics are available.

Creating a Rule Tag

Follow these steps to create a new tag.

  1. Navigate to Admin > Settings > Analytics > Rule Tags.
  2. Click +.
  3. In the Rule Tags window, take the following steps:
    1. In the Tag field, enter a name for the tag you wish to create.
    2. In the Color field, select a color for the tag.
    3. (Optional) In the Description field, add any information you wish to convey about the tag, such as its intent.
    4. When done, click Save.

At this point, your tag is saved and is available from the Tags drop-down list when creating or editing a Rule.

Editing a Rule Tag

Follow these steps to edit a tag.

  1. Navigate to Admin > Settings > Analytics > Rule Tags.
  2. Select the rule tag you wish to edit, and click the edit icon.
  3. In the Edit Tag: <Name of Rule Tag> window, make any changes to the Tag, Color, and Description fields.
  4. When done, click Save.

Deleting a Rule Tag

Follow these steps to delete a user-defined tag. System tags cannot be deleted.

Tip: On the Rule Tags page, look at the Scope column to identify whether a tag is a System tag or a User (defined) tag.

  1. Navigate to Admin > Settings > Analytics > Rule Tags.
  2. Select the rule tag you wish to delete.
  3. Click the Delete icon.
