Creating an Incident Notification Policy

Prerequisites

Make sure you have enabled the settings for sending email or other notification actions as described in Setting Up Routing Information for Reports and Incident Notifications.

You should read the introductory topic on incident notifications to understand how policy conditions are processed..

Procedure

1. Log in to your Supervisor node.
2. Go to Analytics > Incident Notification Policy.
3. Click New.
4. Select the Incident Severity.

Only incidents matching the severity level you select will trigger a notification.

5. For Rules, click … and select the rule or rules you want to trigger this notification.
6. Set a Time Range during which this notification will be in effect.

Notifications will be sent only if an incident occurs during the time range you set here.

7. For Affected Items, click … and use the CMDB Browser to select the devices or applications for which this policy should apply.

Instead of individual devices or groups, you can apply the notification policy to an IP address or range by clicking Add under IP/Range. You can also select a group, and then select the Not option to explicitly exclude that group of applications or devices from the notification policy.

8. For multi-tenant deployments, select the Organizations to which the notification policy should apply.

Notifications will be sent only if the triggering incidents affect the selected organization.

9. Select the Actions to take when the notification is triggered.

See the topics under Sending Email and SMS Notifications for Incidents, Creating Tickets In FortiSIEM In-built Ticketing System, Creatin g Inbound Policies for Updating Ticket Status from External Ticketing Systems, and Setting Scripts as Notification Actions for more information about notification actions.

10. Enter any Comments about the policy.
11. When you are finished creating the notification policy, select Enabled to make it active in your deployment.
12. Click Save.