Technical Tip: Triggered Event Count visibility in the Incident menu
Description
This article describes a method to enable Triggered Event Count visibility in the FortiSIEM Incident menu.
Scope
FortiSIEM.
Solution
The FortiSIEM Incident GUI displayed provides multiple columns and useful information for users to investigate the activity in the system. However, the 'Detail' columns may have missing information that helps the users further understand the incident especially Triggered Event Count.
In that case, users need to make sure the Rules are configured correctly. In FortiSIEM GUI -> Resources -> Rules -> Edit the Selected rules -> Step 3: Define Action -> Action:
In the Action configuration, the Triggered Event Count needs to be configured with COUNT(Matched Events).
After that, users should see the Incident -> Detail column displayed with Triggered Event Count:
Related document: