Quantcast
Channel: Fortinet GURU
Viewing all articles
Browse latest Browse all 2380

FortiSIEM Using Group By Attributes to View Incidents

$
0
0

Using Group By Attributes to View Incidents

The Incident Dashboard presents a view of all incidents based on the filter conditions you select. However, there may be situations in which you want to view incidents grouped on incident attributes like Incident Source, Incident Target, Severity, or Incident Name. Once incidents are grouped by their attributes, you can view Incident Details for the entire group.

  1. Log in to your Supervisor node.
  2. Go to Incidents.
  3. In the Group By menu, select the attributes you want to use to group the incidents, and then click Refresh.

The Incident Dashboard will refresh and display incidents grouped according to the attributes you selected, with a COUNT(Matched Events) column that indicates how many incidents are in each group.

  1. Select a group and then click on it to open the Options
  2. In the Options menu, select Show Incident Details for This Group.

The Incident Dashboard will refresh to show all incidents in the selected incident group, and you can use the Contextual Menus to find out more information about them.


Viewing all articles
Browse latest Browse all 2380

Trending Articles