In this article, we will explore how FortiSOAR's SLA Notification Solution assists organizations in meeting their SLAs. Here are some key benefits of the solution:
-
Timely SLA Notifications: Analysts receive prompt notifications regarding Incidents and Alerts that are either approaching or have already breached Acknowledgment SLAs, ensuring a swift response and resolution.
-
Enhanced SLA Compliance: FortiSOAR plays a critical role in maintaining compliance with SLAs, effectively reducing the risk of contractual penalties and reputational damage resulting from SLA violations.
-
Customization: The system provides the flexibility to define notification recipients and seamlessly integrates with MS Teams, facilitating tailored notification delivery that aligns with the organization's specific requirements.
Implementation Details:
Playbooks:
-
Incidents SLA Notification Playbook: This playbook is designed to continuously monitor Incidents within FortiSOAR. It periodically assesses the SLA status of these incidents, identifying those that are on the brink of breaching the Acknowledgment SLA or have already done so.
-
Alerts SLA Notifier Playbook: Similar to the Incidents playbook, this one focuses on monitoring Alerts. It identifies Alerts that are approaching Acknowledgment SLA violations or have already exceeded the defined thresholds.
Configuration Options:
-
email_recipient: Administrators have the option to configure the recipient of SLA notifications. If this field is left empty, notifications will automatically be sent to the respective record owner. This level of flexibility allows for personalized notification routing.
-
create_announcement: Enabling this setting to "True" results in the generation of an announcement record for each SLA notification. These announcement records can be employed as triggers for additional FortiSOAR system notifications, enhancing the notification process.
-
channel_name: For organizations utilizing MS Teams for internal communication, the configuration allows the specification of the MS Teams channel where SLA breach notifications will be directed.
Connectors:
-
MS Exchange Connector: This connector is integral for sending email notifications. It seamlessly integrates with the organization's email system to ensure that recipients receive notifications via email.
-
MS Teams Connector: For organizations utilizing MS Teams for collaboration and communication, this connector enables the delivery of SLA breach notifications to the designated Teams channel.
Scheduling:
The Incidents SLA Notification and Alerts SLA Notifier Playbooks are scheduled to run at consistent intervals. The frequency of these checks can be customized according to the organization's SLA policy and specific monitoring needs. Commonly, these playbooks are set to run every 10 minutes.
Reference: https://fortisoar.contenthub.fortinet.com//detail.html?entity=sLANotification&version=1.0.0&type=sol...
