Creating a Ticket

FortiSIEM has a built-in ticketing system. A ticket can be created from the following:

Creating a Ticket from the CASES Tab

To create a ticket from the CASES tab:

  1. Go to CASES.
  2. Click New.
  3. In the New Ticket dialog box, enter the following information:
    SettingsGuidelines
    Summary[Required] Summary information about the ticket.
    StateState is automatically created by the system once the ticket is created. This can be modified from New to other values later.
    AssigneeClick the edit icon to select a user from the list of Users.
    EscalationEscalation policy.
    Priority[Required] Priority of the ticket - High, Medium, or Low.
    Due DateDue date for the ticket.
    AttachmentClick the edit icon to select and upload or delete any files related to the ticket.
    CCEmail IDs to copy the ticket details to.
    NotesAny description of the ticket.
  4. Click Save.
    A unique ID is automatically assigned to the ticket.
  5. Select the ticket from the list to display tabs for the Detail, Action History, and Evidence information in the lower pane.

Creating a Ticket from the INCIDENTS Tab

To create a ticket from any specific Incident:

  1. Go to INCIDENTS > List View.
  2. Select the incident and click the Actions drop-down menu to select Create Case.
    The Incident details are automatically pulled to the new ticket creation window.
  3. Enter the following information for the new ticket:

    SettingsGuidelines
    AssigneeClick the edit icon to select a user from the list of Users.
    Priority[Required] Priority of the ticket - High, Medium, or Low.
    Due DateDue date for the ticket.
    AttachmentClick the edit icon to select and upload or delete any files related to the ticket.
    CCEmail IDs of the users who will receive copies of the ticket details.
  4. Click Save.

Creating a Ticket via Incident Notification Policy

To create a ticket automatically when an Incident triggers:

  1. Go to ADMIN > Settings > General > Notification Policy.
  2. Click New and select Create Case when an incident is created.
  3. Click the edit icon for this setting and add the following details:

    SettingsGuidelines

    Escalation

    Select an escalation policy from the drop-down list. See Escalation Settings.

    Expires inTime after which the ticket expires.
    Priority[Required] Priority of the ticket - High, Medium, or Low.
    AssigneeClick the edit icon and assign this ticket to a user in the Users group. The user can belong to any Organization.
  4. Click Save.