Help
FortiSIEM Discussions
Ernie
New Contributor II

Created on ‎11-08-2024 01:44 AM Edited on ‎11-08-2024 01:50 AM

FortiSIEM: how to delete a case?

Hi Community,

 

In FortiSIEM 7, is there a possibility to delete a case and the references?

 

On the FortiSIEM Dashboard under Cases, a case has a Ticket_ID and Incident_ID.

In my example, I have a 1 Incident_ID 121212 which links to 3 Ticket_ID's 33086714, 33086715 and 33086716.

 

So far, I had to delete the Ticket_ID from two tables:

 

phoenixdb=# delete from ph_incident_ticket_trail where ticket_id = 33086716;
DELETE 1

phoenixdb=# delete from ph_incident_ticket where id = 33086716;
DELETE 1

However if I lookup the Incident_ID, it keeps pointing to 33086716:

 

phoenixdb=# select ticket_id from ph_incident where incident_id = 121212;
ticket_id
-----------
33086716
(1 row)

Is it safe to update the field here with the before last ticket_id 33086715?

Also, if I check under Incidents, the Active History still shows all 3 cases - how can I delete the references?

 

 

 

 

 

 

 

 

 

Labels:
341
0 Kudos
1 Solution
PartBhat
Staff
Staff

Created on ‎11-11-2024 10:18 AM

By design, Cases can not be deleted. They can only be marked Closed. Then they will disappear from default view. Database will be cleaned up later in a consistent way. This is similar in principle to most bug tracking systems .

 

Users making changes to the database tables is not recommended, and not supported. 

 

View solution in original post

243
3 REPLIES 3
Stephen_G
Moderator
Moderator

Created on ‎11-11-2024 04:46 AM

Hello,

 

Thank you for using the Community Forum. I have moved this to FortiSIEM Discussions, where you are more likely to receive an answer.

 

Thanks,

Stephen - Fortinet Community Team
284
PartBhat
Staff
Staff

Created on ‎11-11-2024 10:18 AM

By design, Cases can not be deleted. They can only be marked Closed. Then they will disappear from default view. Database will be cleaned up later in a consistent way. This is similar in principle to most bug tracking systems .

 

Users making changes to the database tables is not recommended, and not supported. 

 

244
Ernie
New Contributor II
In response to PartBhat

Created on ‎11-14-2024 03:16 AM

Hi PartBhat,

 

I can understand this point of view - thank you. :)

 

Let me ask it in another way: is there a database command that can cleanup orphaned records and/or shrink the database?
I'm asking because our misconfiguration unfortunately resulted in 58K of Case records, which take up 50Gb of space and are useless to us.

 

195
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.