Creating a Ticket

FortiSIEM has a built-in ticketing system. A ticket can be created from the following:

• CASES tab
• INCIDENTS tab
• Via Incident Notification Policy

Creating a Ticket from the CASES Tab

To create a ticket from the CASES tab:

1. Go to CASES.
2. Click New.
3. In the New Ticket dialog box, enter the following information:
   

   Settings	Guidelines
   Summary	[Required] Summary information about the ticket.
   State	State is automatically created by the system once the ticket is created. This can be modified from New to other values later.
   Assignee	Click the edit icon to select a user from the list of Users.
   Escalation	Escalation policy.
   Priority	[Required] Priority of the ticket - High, Medium, or Low.
   Due Date	Due date for the ticket.
   Attachment	Click the edit icon to select and upload or delete any files related to the ticket.
   CC	Email IDs to copy the ticket details to.
   Notes	Any description of the ticket.

4. Click Save.
   A unique ID is automatically assigned to the ticket.
5. Select the ticket from the list to display tabs for the Detail, Action History, and Evidence information in the lower pane.

Creating a Ticket from the INCIDENTS Tab

To create a ticket from any specific Incident:

1. Go to INCIDENTS > List View.
2. Select the incident and click the Actions drop-down menu to select Create Case.
   The Incident details are automatically pulled to the new ticket creation window.
3. Enter the following information for the new ticket:
   
   

   Settings	Guidelines
   Assignee	Click the edit icon to select a user from the list of Users.
   Priority	[Required] Priority of the ticket - High, Medium, or Low.
   Due Date	Due date for the ticket.
   Attachment	Click the edit icon to select and upload or delete any files related to the ticket.
   CC	Email IDs of the users who will receive copies of the ticket details.

4. Click Save.

Creating a Ticket via Incident Notification Policy

To create a ticket automatically when an Incident triggers:

1. Go to ADMIN > Settings > General > Notification Policy.
2. Click New and select Create Case when an incident is created.
3. Click the edit icon for this setting and add the following details:
   
   

   Settings	Guidelines
   Escalation	Select an escalation policy from the drop-down list. See Escalation Settings.
   Expires in	Time after which the ticket expires.
   Priority	[Required] Priority of the ticket - High, Medium, or Low.
   Assignee	Click the edit icon and assign this ticket to a user in the Users group. The user can belong to any Organization.

4. Click Save.