Hi Experts,
The idea is to create a shift handover using FortiSOAR.
Let's say, in the current shift, 05 alerts triggered; out of those, 3 were closed successfully and 02 were in progress/investigating. Let's say, during the investigation of those 2 alerts, shift time is over. The current shift SOC analyst would initiate the shift handover and would hand over the "in progress/investigating" alerts to the next shift.
Need to create the above scenario in FortiSOAR. Please help! I shall be extremely grateful.
Regards,
MFaruqi
Created on 03-26-2024 03:39 AM Edited on 03-26-2024 03:42 AM
Resolution provided -
1. Check the teams that were added in queue settings on edit queue - user assignment page - update record ownership.
2. Add these teams to the appliance 'Playbook'. Application Settings - Appliance - Playbook - Check Teams Section.
Reason - The permission on the appliance 'playbook' decides for which records both inclusion and exclusion of a record to/from the queue will work. When the record was first created, the record owner (teams) and playbook appliance owner (teams) were the same, so the record got added to the queue successfully, but the queue was also updating the teams ownership of the record once it was added to the queue, and the appliance 'playbook' was not part of these teams. Hence the exit queue function did not work on the record.
Hi Experts!
There is a requirement for the Shift Management. I create the Shifts in FSR by manually entering all the shifts like Morning, Afternoon and Night Shift and provide the start time and duration of each shift. After that, the team members for each shift are updated manually.
Is there any way to generate the shifts by uploading a PDF or CSV file of the monthly shift roster, so that the whole month's shifts are generated in FSR?
Kindly let me know if this is possible? I shall be extremely grateful.
Hi Experts!
Can we generate a report on closed alerts of last shift?
For example, when a morning shift is ended, and a handover is given to afternoon shift, can we generate the report of the closed alerts that were generated during the morning shift?
@bbhaskar @Anonymous
Created on 05-05-2024 10:21 PM
Thanks for reaching out MuhammadFaruqi1, our team will get back shortly!
~Deepti Srivastava
Hi Team,
Need support on two points that have already been mentioned earlier, but I am summarizing it here:
1- A report from the last shift: Let's say the shift duration is 8 hours. So in the last 8 hours, how many alerts were closed, and how many alerts are opened, investigating or pending.
2- Can we upload a CSV or a PDF file from the duty roster to generate the shifts in FortiSOAR?
Regards,
Burhan
Hi @MuhammadFaruqi1 -
1. For last shift report - you can create a report in the format you want, enabling dynamic parameters in the report like Created Date is In Last X hours, and/or shift details if you need. Now, in a playbook, use the Reporting Connector and pass these dynamic values to the report from the playbook, and then your report will run automatically based on the dynamic values it gets every time.
2. For generating shifts using CSV - yes, should be possible. Refer to this article in general for creating records from CSV and that should help. https://community.fortinet.com/t5/FortiSOAR-Discussions/Upload-CSV-and-update-FortiSOAR-Records/m-p/...
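The "last shift" window and the per-status counts discussed in this thread, worked through as an added example that is not part of the original posts and does not call any FortiSOAR API. The shift table, status names and alert records are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed shift table: name -> (start hour, duration in hours). Not from the thread.
SHIFTS = {"Morning": (6, 8), "Afternoon": (14, 8), "Night": (22, 8)}
# Assumed status names; anything in this set is carried over to the next shift.
OPEN_STATUSES = {"Open", "Investigating", "Pending"}

def last_shift_window(handover, shifts=SHIFTS):
    """Return (name, start, end) of the shift that ended most recently before handover."""
    best = None
    midnight = handover.replace(hour=0, minute=0, second=0, microsecond=0)
    for name, (start_hour, hours) in shifts.items():
        # Check today's and the previous day's occurrence so that a shift
        # crossing midnight (Night) is matched to the right calendar day.
        for days_back in (0, 1):
            start = midnight + timedelta(hours=start_hour) - timedelta(days=days_back)
            end = start + timedelta(hours=hours)
            if end <= handover and (best is None or end > best[2]):
                best = (name, start, end)
    return best

def handover_report(alerts, handover):
    """Count alerts created in the last shift by status and list the ones to hand over."""
    name, start, end = last_shift_window(handover)
    in_shift = [a for a in alerts if start <= a["created"] < end]
    return {
        "shift": name,
        "window": (start, end),
        "counts": dict(Counter(a["status"] for a in in_shift)),
        "handover": [a["id"] for a in in_shift if a["status"] in OPEN_STATUSES],
    }

# Constructed sample data: five alerts in the morning shift plus one older alert.
DAY = datetime(2024, 5, 14)
SAMPLE_ALERTS = [
    {"id": "ALERT-0", "created": DAY + timedelta(hours=3), "status": "Closed"},
    {"id": "ALERT-1", "created": DAY + timedelta(hours=6, minutes=20), "status": "Closed"},
    {"id": "ALERT-2", "created": DAY + timedelta(hours=8), "status": "Closed"},
    {"id": "ALERT-3", "created": DAY + timedelta(hours=9, minutes=45), "status": "Closed"},
    {"id": "ALERT-4", "created": DAY + timedelta(hours=12), "status": "Investigating"},
    {"id": "ALERT-5", "created": DAY + timedelta(hours=13, minutes=30), "status": "Investigating"},
]

if __name__ == "__main__":
    print(handover_report(SAMPLE_ALERTS, DAY + timedelta(hours=14, minutes=5)))
```

The `window` start and end are the values a playbook would pass to the report as its dynamic date parameters.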
Created on 05-14-2024 01:19 AM Edited on 05-14-2024 01:19 AM
Hi Amit,
Thanks for the response. I would like to add our SOC duty roster in CSV format as per the attachment here. Would we be able to upload this CSV file and create our shifts using this CSV file?
Yes, as I said earlier - follow the article there for suggestions on how this can be done. https://community.fortinet.com/t5/FortiSOAR-Discussions/Upload-CSV-and-update-FortiSOAR-Records/m-p/...