FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
yujames
Staff
Article Id 195468

Description

 
This article describes how to quickly delete incidents from FortiSIEM by dropping the child tables that contain the target incidents.
It covers only dropping child tables, in order to avoid the risk of orphaned entries.
 
This requires some basic understanding of database management. Do not perform this task without familiarity with database management.
If the tables are dropped incorrectly, the risk of orphaned database entries is high.


Scope

 

FortiSIEM Version 4.3+.

Solution

 
  1. SSH into the supervisor as root
  2. Run the following:

 

psql -U phoenix -d phoenixdb

 

  3. Run the following:

 

drop table ph_incident_yXXXXmXX;drop table ph_incident_detail_yXXXXmXX;

 
Example 1:
Dropping tables for November 2019:
 
drop table ph_incident_y2019m11;drop table ph_incident_detail_y2019m11;
 
Example 2:
Dropping tables for March 2020:
 
drop table ph_incident_y2020m3;drop table ph_incident_detail_y2020m3;
 
  4. Run '\q'.
  5. Run 'exit'.
 
This will close the PostgreSQL connection as well as the SSH session.
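
As an added example (not part of the original article and not Fortinet code), the following shell helper builds the two DROP statements for a given month and wraps them in one transaction, so that either both child tables are dropped or neither is. The function names are hypothetical, and the month is written without a leading zero, following Example 2 above; confirm the actual table names with `\dt ph_incident_y*` in psql before running the output.

```shell
#!/bin/sh
# Added example (not Fortinet code). Function names are hypothetical.
# Table names follow the article's examples: ph_incident_y<YYYY>m<M>,
# with the month written without a leading zero (as in Example 2).

# Print the two child-table names for a year and month.
# Rejects anything that is not a 4-digit year and a month 1-12, so
# arbitrary text can never reach the generated SQL.
incident_tables() {
    case "$1" in
        [0-9][0-9][0-9][0-9]) ;;
        *) echo "bad year: $1" >&2; return 1 ;;
    esac
    case "$2" in
        [1-9]|0[1-9]|1[0-2]) ;;
        *) echo "bad month: $2" >&2; return 1 ;;
    esac
    suffix="y${1}m${2#0}"   # strip one leading zero: 03 -> 3
    printf '%s\n%s\n' "ph_incident_${suffix}" "ph_incident_detail_${suffix}"
}

# Print a SQL script that drops both tables inside one transaction.
# PostgreSQL DDL is transactional: if the second DROP fails, the first
# is rolled back and the pair stays consistent.
incident_drop_sql() {
    tables=$(incident_tables "$1" "$2") || return 1
    echo "BEGIN;"
    for t in $tables; do
        echo "DROP TABLE ${t};"
    done
    echo "COMMIT;"
}

# Review the statements first, then pipe them to psql on the supervisor.
# ON_ERROR_STOP makes psql exit on the first error instead of continuing,
# which leaves the open transaction to be rolled back.
#   incident_drop_sql 2019 11
#   incident_drop_sql 2019 11 | psql -U phoenix -d phoenixdb -v ON_ERROR_STOP=1
```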