We just completed deploying our in-house FortiSIEM v7.
The System User keeps creating cases automatically. Is there a way to turn it off so that only SOC analysts can create the cases?
Hi Eugene,
Are you referring to tickets created automatically by Incident Notification Policies?
If you go to ADMIN > Settings > General > Notification Policy and edit the Policies, you have the option "Create Case when an incident is created", which creates them automatically.
Regards
Hi sx11,
That's what I'm referring to. I have not configured any notification policy that involves creation of cases for incidents. It keeps generating new cases under user "System" as shown below. This is affecting our MTTR.
Hi Eugene,
If you edit those 2 notification policies that are referenced in your image, do they have the below option enabled?
Regards
Quick update: it turned out to be a bug. An upgrade to version 7.1 fixed it.