Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ebudi
New Contributor II

Fortisiem Cases

We just completed deploying our in house FortiSIEM v7

The System User keeps creating cases automatically, is there a way to turn it off so that only SOC analysts can create the cases?

Eugene Wadeya
Eugene Wadeya
5 REPLIES 5
Sx11
Staff
Staff

Hi Eugene,

 

are you refering to tickets created automatically by Incident Notification Policies?

If you go to  ADMIN > Settings > General > Notification Policy and edit the Policies you have the option " Create Case when an incident is created " which creates them automatically.

 

Regards

sx11
ebudi
New Contributor II

H sx11,

That's what I'm referring to. I have not configured any notifications policy that involves creation of cases for incidents. It keeps generating new cases under user "System" as shown below. This is affecting our MTTR.

ebudi_0-1697435156456.png

 

 

ebudi_1-1697435156434.png

 

 

Eugene Wadeya
Eugene Wadeya
ebudi
New Contributor II

H sx11,

That's what I'm referring to. I have not configured any notifications policy that involves creation of cases for incidents. It keeps generating new cases under user "System" as shown below. This is affecting our MTTR.

1.png

 

2.png

Eugene Wadeya
Eugene Wadeya
Sx11
Staff
Staff

 Hi Eugene,

 

if you edit those 2 notification policies that are referenced in your image do they have the below option enabled?

Create_Case_Not_policy.png

 

Regards

sx11
ebudi
New Contributor II

Quick update, it turned out to be a bug. An upgrade to version 7.1 fixed it

Eugene Wadeya
Eugene Wadeya
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors