Technical Tip: Exporting Cases to CSV file with Custom Column Names

Description

This article describes a method to export cases from the FortiSIEM Cases Tab to a CSV file with custom column names.

Scope

FortiSIEM v7.x+.

Solution

Currently, exporting cases directly from the GUI is not supported. However, this can be achieved via the Supervisor’s CLI using PostgreSQL queries on the ph_incident_ticket table.

To export all cases using default database column names:

psql -U phoenix -d phoenixdb -c "SELECT * FROM ph_incident_ticket;" --csv >> ph_cases.csv

To export cases with user-friendly, custom column names:

psql -U phoenix -d phoenixdb -c "SELECT id AS \"Case ID\", assignee_name AS \"Assignee\", remark AS \"Summary\", cust_org_id AS \"Organization\", TO_TIMESTAMP(creation_time / 1000) AS \"Created Date\", priority AS \"Severity\", case_entity AS \"Assets\", closedcode AS \"Closed Code\" FROM ph_incident_ticket;" --csv >> ph_cases_custom_names.csv

Example Output.

Refer to the attached screenshot for a sample CSV output.

Formatting Notes.

The general format used to rename columns is:

original_database_column AS \"Custom Display Name\"

Refer to the CSV exported using the first command (ph_cases.csv) to identify which database fields map to the GUI display names. For example:

assignee_name in the database appears as Assignee in the GUI (List View).