How to convert Forti Analyzer events into Incidents

Poorna Sai
Tera Contributor

Hi,


I need to convert Forti Analyzer events into incidents. Is there any way that we can achieve it?


sstrobel
Tera Contributor

Please take a look at the Store for "Security Operations FortiAnalyzer Integration V2". Looks like this will do what you want it to do.

saith2562
Giga Contributor

Yes, it is possible to convert FortiAnalyzer events into incidents. FortiAnalyzer is a centralized logging and reporting solution offered by Fortinet, and it is designed to collect, analyze, and archive logs from various Fortinet devices.

To convert FortiAnalyzer events into incidents, you can follow these general steps:


  1. Identify the relevant events: Determine which events you want to convert into incidents. This could be based on specific criteria, such as severity level, type of event, or other factors.

  2. Configure event rules: FortiAnalyzer provides the ability to create custom event rules or filters. These rules allow you to define conditions that match the events you want to convert into incidents. By creating event rules, you can automatically categorize and filter the events based on specific criteria.

  3. Assign incident attributes: Once the events are identified and filtered, you can assign attributes to them to convert them into incidents. These attributes might include incident type, priority, assignee, status, or any other relevant information that helps manage and track incidents effectively.

  4. Generate incident reports: FortiAnalyzer enables you to generate reports based on the converted incidents. These reports can provide insights into the incident trends, severity levels, response times, or any other relevant metrics.

It's important to note that the specific steps and configuration options may vary based on the version of FortiAnalyzer you are using. It is recommended to refer to the FortiAnalyzer documentation or reach out to Fortinet support for detailed instructions and assistance specific to your version and requirements.
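The four steps above, worked through as an added example that is not code from this thread or from the Store integration: a small Python converter that applies an event rule to constructed FortiAnalyzer-style events and turns the matches into incidents with priority, assignee and status. The event field names (severity, eventtype, devname, subject), the rule values and the severity-to-priority mapping are assumptions, not FortiAnalyzer's actual schema.

```python
from dataclasses import dataclass

# Constructed sample events modelled on FortiAnalyzer event-handler output.
# Field names are assumptions for this example, not a documented schema.
SAMPLE_EVENTS = [
    {"eventid": 101, "severity": "critical", "eventtype": "ips",
     "devname": "FGT-EDGE-1", "subject": "IPS signature hit"},
    {"eventid": 102, "severity": "low", "eventtype": "event",
     "devname": "FGT-EDGE-1", "subject": "Config change"},
    {"eventid": 103, "severity": "high", "eventtype": "virus",
     "devname": "FGT-BRANCH", "subject": "Malware detected"},
    {"eventid": 104, "severity": "medium", "eventtype": "webfilter",
     "devname": "FGT-BRANCH", "subject": "Blocked URL"},
]

# Steps 1-2: the event rule that decides which events become incidents.
RULE = {"min_severity": "medium", "eventtypes": {"ips", "virus", "webfilter"}}

# Step 3: attribute mapping (assumed; adjust to your incident process).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
PRIORITY_BY_SEVERITY = {"critical": 1, "high": 2, "medium": 3, "low": 4}

@dataclass
class Incident:
    source_event_id: int
    title: str
    priority: int
    assignee: str
    status: str = "new"

def matches_rule(event, rule):
    """True when the event meets the severity floor and is of a tracked type."""
    sev = event.get("severity", "low")
    return (SEVERITY_RANK.get(sev, 0) >= SEVERITY_RANK[rule["min_severity"]]
            and event.get("eventtype") in rule["eventtypes"])

def to_incident(event, assignee="soc-tier1"):
    """Derive incident attributes (title, priority, assignee, status) from an event."""
    return Incident(source_event_id=event["eventid"],
                    title=f"{event['devname']}: {event['subject']}",
                    priority=PRIORITY_BY_SEVERITY[event["severity"]],
                    assignee=assignee)

def convert_events(events, rule=RULE):
    return [to_incident(e) for e in events if matches_rule(e, rule)]

def priority_summary(incidents):
    """Step 4: a report-style count of open incidents per priority."""
    summary = {}
    for inc in incidents:
        summary[inc.priority] = summary.get(inc.priority, 0) + 1
    return summary
```

Running `convert_events(SAMPLE_EVENTS)` yields three incidents (the low-severity config change is filtered out), and `priority_summary` gives one incident each at priority 1, 2 and 3.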