Help
FortiSOAR Discussions
MuhammadFaruqi1
New Contributor III

Created on ‎05-11-2024 11:39 PM

Notes for Alerts or Incidents with Statuses other then "Closed" and "Resolved"

Hi Team,

We have the statuses for Alerts and Incidents. These are:

 

For Alerts: Open, Investigating, Pending, Closed, Re-opened

For Incidents: Open, Awaiting, Resolved, Inactive

 

We can only add the notes when Alert status is "Closed" or if the Incidents Status is "Resolved". 

I just want to know if a note also can be added:
1- To the Alert when the Alert status is changed from Open to either Pending, Re-opened?
2- To the Incident when the Incident status is changed from Open to Avaiting or Inactive.

 

BR,
Burhan

 

#FortiSOAR #SOAR

MFaruqi
MFaruqi
Labels:
325
0 Kudos
1 REPLY 1
AmitJain
Staff
Staff

Created on ‎05-12-2024 11:31 PM

Try this - Create an "on-update" playbook listening on the Status Change. In the playbook, if triggered, you can check if the last status was "Open". If yes, you can raise a Manual Input pop-up to add in the reason, and pass it as a comment or use how ever you need. 

Amit
289
0 Kudos
Announcements

Welcome to your new FortiSOAR Community!

View More

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.