Incident Status

Ali_Maher · ‎05-14-2024

Hello,

Ask about the Incident Status:- Active, Manaually Cleared, Automatically cleared, and System cleared.

the System cleared and the Auto cleared is performed by the system itself no interaction from the user side.

How can i use them efficiently?

BR, Ali Maher

Secusaurus · ‎05-14-2024

Hello Ali,

I am sorry, but I don't understand your question here.

You can only clear manually, so the auto-clear (ML or clear-condition cleared it) and system-clear (one day after incident happened) is just something to get you better understanding about the reason for clearing. So what do you have in mind for using them "efficiently"?

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

knguyen1 · ‎05-17-2024

Ali might be saying that incidents are automatically clearing even without a rule definition defined. If so, we're seeing something similar.

FSM_FTNT · ‎06-03-2024

What version of FortiSIEM are you running?

knguyen1 · ‎06-03-2024

We were on 7.1.2. We're thinking it may have been right after we did a content update to version 608 but it seems to have resolved itself after some time though.

FSM_FTNT · ‎06-10-2024

can you check under Admin / Settings / AI/ML if you have this enabled

Auto Clear Incidents with % False Positive Confidence

knguyen1 · ‎06-10-2024

We do not have auto clear incidents with AI/ML enabled but we will definitely keep this in mind next time we see something weird with the auto clears. Thanks!

Incident Status

Nominate a Forum Post for Knowledge Article Creation