FortiSOAR Discussions
MuhammadFaruqi1
New Contributor III

Queue Management and Shift handovers

FortiSOAR 

Hi Experts,

The idea is to create a shift handover using FortiSOAR.

 

Lets say, in current shift 05 alerts triggered, out of those, 3 were closed successfully, 02 were in progress/investigating. Lest say, during the investigation of those 2 alerts, shift time is over. The current shift SOC analyst would initiate the shift handover and would handover the "in progress/investigating" alerts to next shift.

 

Need to create the above scenario in FortiSOAR. Please help! I shall be extremely grateful.

 

Regards,

MFaruqi 

MFaruqi
MFaruqi
1 Solution
bbhaskar

Resolution provided -
1. Check the teams that were added in queue settings on edit queue - user assignment page - update record ownership.
2. Add these teams to the appliance 'Playbook'. Application Settings -  Appliance - Playbook - Check Teams Section.


Reason - The permission on appliance 'playbook' decides for which record both inclusion and exclusion of record to/from queue will work. When the record was first created the record owner(teams) and playbook appliance owner(teams) were same so the record gets added to the queue successfully, but the queue was also updating the teams ownership of record once it was added to the queue. and the appliance 'playbook' was not part of these teams. Hence exit queue function did not work on the record.

View solution in original post

16 REPLIES 16
MuhammadFaruqi1
New Contributor III

Hi Experts!

 

There is a requirement for the Shift Management. I create the Shifts in FSR by manually entering all the shifts like Morning, Afternoon and Night Shift and provide the start time and duration of each shift. After that, the team members for each shift are updated manually.

 

Is there any way to generate the shift by uploading any pdf or csv file of monthly shift roaster and the whole months shifts are generated in FSR? 

 

Kindly let me know if this is possible? I shall be extremely grateful.

 

@bbhaskar @Anonymous @jankit6 

MFaruqi
MFaruqi
MuhammadFaruqi1
New Contributor III

Hi Experts!

 

Can we generate a report on closed alerts of last shift? 

 

For example, when a morning shift is ended, and a handover is given to afternoon shift, can we generate the report of the closed alerts that were generated during the morning shift?

@bbhaskar @Anonymous  

MFaruqi
MFaruqi
Anonymous
Not applicable

Thanks for reaching out MuhammadFaruqi1, our team will get back shortly!

 

~Deepti Srivastava

MuhammadFaruqi1
New Contributor III

Hi Team,

 

Need support on two points that have already been mentioned earlier, but I am summarizing it here:

 

1- A report from last shift: Lets say, shift duration is 8 hours. So in last 8 hours how many alerts were closed, and how many alerts are opened, investigating or pending.

 

2- Can we upload a csv or a pdf file from duty roaster to generate the shifts in FortiSOAR?

 

Regards,

Burhan

MFaruqi
MFaruqi
AmitJain
Staff
Staff

Hi @MuhammadFaruqi1  - 

1. For last shift report - you can create a report in the format you want, enabling dynamic parameters in the report like Created Date is In Last X hours, and/or shift details if you need. Now, in a playbook, use the Reporting Connector and pass these dynamic values to the report from the playbook and then your report will run automatically based on the dynamic values it gets everytime. 

Screenshot 2024-05-13 at 11.51.35 AM.png

2. For generating shifts using CSV - yes, should be possible. Refer this article in general for creating records from CSV and that should help. https://community.fortinet.com/t5/FortiSOAR-Discussions/Upload-CSV-and-update-FortiSOAR-Records/m-p/...

Amit
MuhammadFaruqi1

Shift_SOAR.pngHI Amit,

 

Thanks for the response. I would like to add our SOC duty roaster in csv format as per the attachement here. Can we be able to upload this CSV file and create our shift using this CSV file? 

MFaruqi
MFaruqi
AmitJain

Yes, as I said earlier - follow the article there for suggestions on how this can be done. https://community.fortinet.com/t5/FortiSOAR-Discussions/Upload-CSV-and-update-FortiSOAR-Records/m-p/...

Amit