FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
idabouzi
Staff
Article Id 365805
Description This article describes how to delete incident cases from the command-line interface.
Scope FortiSIEM.
Solution

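Some users may have a large number of cases that they cannot delete from the GUI.

The following provides a solution to delete the cases from the backend based on their state. Each command sets ticket_state=2 for every case in the given state and records the close time and the note 'Closed by CLI':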

 

  • Cases in 'New state':

 

psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=0"

 

  • Cases in 'Assign state':

 

psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=1"

 

  • Cases in 'Progress state':

 

psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=3"

 

  • Cases in 'Reopen state':

 

psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=4"
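
The four commands above differ only in the source state, so they can be wrapped in one guarded script that shows how many rows will change before anything is written. This is an added example, not Fortinet's code: the function names build_close_sql, build_count_sql and close_cases are hypothetical, while the table, columns, state numbers and psql connection arguments are the ones used in this article.

```shell
#!/bin/sh
# Added example (not Fortinet's code). Source states come from the article:
# 0 New, 1 Assign, 3 Progress, 4 Reopen. Each is moved to ticket_state=2.

# Print the UPDATE for one source state; refuse any other input.
build_close_sql() {
    state=$1
    now_ms=${2:-$(date +%s%3N)}   # same millisecond timestamp the article uses
    case $state in
        0|1|3|4) ;;
        *) echo "refusing ticket_state '$state' (allowed: 0 1 3 4)" >&2; return 1 ;;
    esac
    case $now_ms in
        ''|*[!0-9]*) echo "bad timestamp '$now_ms'" >&2; return 1 ;;
    esac
    printf "update ph_incident_ticket set ticket_state=2, closed_time=%s,closenote='Closed by CLI' where ticket_state=%s" "$now_ms" "$state"
}

# Print the read-only query that counts the rows the UPDATE would touch.
build_count_sql() {
    case $1 in
        0|1|3|4) printf "select count(*) from ph_incident_ticket where ticket_state=%s" "$1" ;;
        *) echo "refusing ticket_state '$1' (allowed: 0 1 3 4)" >&2; return 1 ;;
    esac
}

# Preview the row count, ask for confirmation, then run the UPDATE.
close_cases() {
    count_sql=$(build_count_sql "$1") || return 1
    update_sql=$(build_close_sql "$1") || return 1
    # -A (unaligned) and -t (tuples only) make psql print just the number.
    n=$(psql -U phoenix phoenixdb -At -c "$count_sql") || return 1
    echo "$n case(s) in ticket_state=$1 will be closed"
    printf "Type YES to continue: "
    read -r answer
    [ "$answer" = "YES" ] || { echo "aborted"; return 1; }
    psql -U phoenix phoenixdb -c "$update_sql"
}

# Run only when a state is given on the command line, e.g.: sh close_cases.sh 0
if [ "$#" -gt 0 ]; then
    close_cases "$1"
fi
```

Because the state is checked against a fixed list before it reaches the SQL text, a mistyped or pasted argument cannot widen the WHERE clause.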