FortiSIEM Using Group By Attributes to View Incidents

Using Group By Attributes to View Incidents

The Incident Dashboard presents a view of all incidents based on the filter conditions you select. However, there may be situations in which you want to view incidents grouped by incident attributes such as Incident Source, Incident Target, Severity, or Incident Name. Once incidents are grouped by their attributes, you can view Incident Details for the entire group.

  1. Log in to your Supervisor node.
  2. Go to Incidents.
  3. In the Group By menu, select the attributes you want to use to group the incidents, and then click Refresh.

The Incident Dashboard will refresh and display incidents grouped according to the attributes you selected, with a COUNT(Matched Events) column that indicates how many incidents are in each group.

  1. Select a group and then click on it to open the Options menu.
  2. In the Options menu, select Show Incident Details for This Group.

The Incident Dashboard will refresh to show all incidents in the selected incident group, and you can use the Contextual Menus to find out more information about them.

