FortiSIEM: how to delete a case?

Question

Hi Community,

In FortiSIEM 7, is there a possibility to delete a case and the references?

On the FortiSIEM Dashboard under Cases, a case has a Ticket_ID and Incident_ID.

In my example, I have a 1 Incident_ID 121212 which links to 3 Ticket_ID's 33086714, 33086715 and 33086716.

So far, I had to delete the Ticket_ID from two tables:

phoenixdb=# delete from ph_incident_ticket_trail where ticket_id = 33086716;
DELETE 1

phoenixdb=# delete from ph_incident_ticket where id = 33086716;
DELETE 1

However if I lookup the Incident_ID, it keeps pointing to 33086716:

phoenixdb=# select ticket_id from ph_incident where incident_id = 121212;
ticket_id
-----------
33086716
(1 row)

Is it safe to update the field here with the before last ticket_id 33086715?

Also, if I check under Incidents, the Active History still shows all 3 cases - how can I delete the references?

PartBhat · Accepted Answer

By design, Cases can not be deleted. They can only be marked Closed. Then they will disappear from default view. Database will be cleaned up later in a consistent way. This is similar in principle to most bug tracking systems .

Users making changes to the database tables is not recommended, and not supported.

Stephen_G · Answer

Hello,   Thank you for using the Community Forum. I have moved this to FortiSIEM Discussions, where you are more likely to receive an answer.   Thanks,

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded