FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
yujames
Staff
Article Id 195468
Description
This article describes how to quickly delete incidents from FortiSIEM by dropping the monthly child (partition) tables of the incident tables that contain the target incidents.
Only whole child tables are dropped. Deleting individual rows from the parent or child tables is not covered, because partial deletes risk leaving orphaned entries (such as incident detail rows whose incident row no longer exists). Note that dropping a month's child tables removes every incident from that month, not only the target incident.


This requires a basic understanding of database management. Do not perform this procedure if you are not comfortable working in PostgreSQL.
If the wrong tables are dropped, or only one table of the pair is dropped, the risk of orphaned database entries is high. Take a backup of phoenixdb (for example with pg_dump) before proceeding.

Scope
FortiSIEM Version 4.3+

Solution
1 - SSH into the supervisor as root.
2 - Connect to the FortiSIEM database: psql -U phoenix -d phoenixdb
3 - Confirm the exact child table names for the month with \dt ph_incident* (the month suffix is written without a leading zero in the examples below), then drop both the incident and the incident detail child tables for that month:
DROP TABLE ph_incident_yXXXXmXX; DROP TABLE ph_incident_detail_yXXXXmXX;

Example 1:
Dropping tables for November 2019
DROP TABLE ph_incident_y2019m11; DROP TABLE ph_incident_detail_y2019m11;

Example 2:
Dropping tables for March 2019
DROP TABLE ph_incident_y2019m3; DROP TABLE ph_incident_detail_y2019m3;

4 - \q
5 - exit

Step 4 closes the psql session and step 5 closes the SSH session.

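The following psql script is an added example and is not part of the original article or of FortiSIEM itself. It carries out the November 2019 case from Example 1 with the checks a practitioner would want: it lists the matching child tables first, counts the rows that are about to be lost, and drops both tables inside a single transaction so that a typo in one name leaves the database unchanged. The table names follow the yYYYYmM pattern shown in the article; the pattern and the assumption that both tables can be dropped independently should be confirmed against the \dt output on your own supervisor.

```sql
-- Added example (not from the original article): verify, then drop, the
-- November 2019 incident child tables in one atomic step.
-- Run with: psql -U phoenix -d phoenixdb -f drop_nov2019.sql
-- ON_ERROR_STOP aborts the script at the first failing statement.
\set ON_ERROR_STOP on

-- 1. Confirm the exact child table names. The '*' is a psql wildcard;
--    the month suffix is assumed to be unpadded, as in the article's examples.
\dt ph_incident*2019m11

-- 2. Know what will be lost: every incident of that month, not a single one.
SELECT count(*) AS incidents_nov_2019 FROM ph_incident_y2019m11;
SELECT count(*) AS details_nov_2019  FROM ph_incident_detail_y2019m11;

-- 3. Drop both tables in one transaction. If either DROP fails (for example
--    because of a misspelled name), the transaction is aborted and the
--    COMMIT below becomes a rollback, so no half-dropped pair is left behind.
BEGIN;
DROP TABLE ph_incident_detail_y2019m11;
DROP TABLE ph_incident_y2019m11;
COMMIT;

-- 4. Verify that neither table remains.
\dt ph_incident*2019m11
```

To adapt the script to another month, replace every occurrence of y2019m11 with the suffix reported by \dt for that month; do not use DROP TABLE IF EXISTS here, because a silent no-op on a misspelled name would hide exactly the mistake the row counts are meant to catch.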
Contributors