FortiSoar Alert Levet

adem_netsys · ‎03-09-2023

How can we lower or raise the alert level in FortiSoar? For example, setting the high level alert to medium level.

anarula · ‎03-09-2023

I assume your question is how to change alert level (aka Severity) from Playbook. If that's not the case, please elaborate on your ask.

You can modify severity (or for that matter any field in alert) using Update Record step in the playbook. Specify the IRI of the alert (the @ID field) and set the severity to desired value using visual select. Similarly you can set any other field.

CTO (SOAR Business) | VP of Engineering

adem_netsys · ‎03-09-2023

Thank you for your return, can you show this statement visually? :)

anarula · ‎03-09-2023

also attaching the playbook for you (extrac json from zip and import it in your playbook collection)

CTO (SOAR Business) | VP of Engineering

adem_netsys · ‎03-09-2023

You have been very helpful. Finally, can't we trigger this by typing id into record id, should we choose alert here again?

anarula · ‎03-09-2023

Can you elaborate on your use case again? particularly who would trigger this playbook? (someone by clicking a button, or invoked as reference/subplaybook from another playbook, or scheduled) ..

CTO (SOAR Business) | VP of Engineering

FortiSoar Alert Levet

Nominate a Forum Post for Knowledge Article Creation