Description | This article describes how to delete Incident Cases from the Command line interface. |
Scope | FortiSIEM. |
Solution |
Some users may have a big number of cases, which they cannot delete from the GUI. The following provides a solution to delete the cases from the backend based on their state:
psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=0"
psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=1"
psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=3"
psql -U phoenix phoenixdb -c "update ph_incident_ticket set ticket_state=2, closed_time=`date +%s%3N`,closenote='Closed by CLI' where ticket_state=4" |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.