Managing Tasks

FortiSIEM supports Data Anonymization to hide Personally Identifiable Information, including IP addresses, host names, user names and email addresses, in external and internal logs, Incidents, and CMDB records, based on the user role and for a specific period of time.

After assigning the user a role that anonymizes data and creating a Data Anonymization approver (to create a requestor and approver, see Adding a New Role - Activation, Data Obfuscation, and Approver for configuration options), the workflow is as follows:

  1. The user creates a de-anonymization request and sends it to the approver.
  2. The approver receives an email notification.
  3. The approver then verifies and accepts the request for a specific period by setting a validity date. (An approver may also reject a request specifying a valid reason.)
  4. If approved, the user can see the de-anonymized data until the validity period ends.
  5. After the validity period, the data is hidden again. To de-anonymize the data, create a new request.

The following procedures describe how a user submits a task request and how the Data Anonymization approver approves or rejects it.

Requesting a De-anonymization Request

You can send a de-anonymization request, with justification, to a Data Anonymization approver to de-anonymize the requested data for a specific period of time.

  1. Go to TASKS > Request tab.
  2. Click New to create a de-anonymization request.
  3. Select the Approver from the drop-down to send this request.
  4. Select the Type of de-anonymization request.
  5. Enter the Justification for viewing the data.
  6. Click Save to send the request to the Data Anonymization approver.

Approving a De-anonymization Request

When a user sends a de-anonymization request, the Data Anonymization approver receives an email notification. The approver can see the list of de-anonymization requests under the Approval tab on login. The approver then verifies the justification and provides approval.

  1. Go to TASKS > Approval tab.
  2. Select the request from the list or search using the search bar and choose the following options from the drop-down list on the right:
    • Approve to allow de-anonymization for a specific time period under Valid Till or For the date and time listed in the time stamp field. You can click the time stamp field to choose a different date and time. The default time is two days, if no date/time is selected.
    • Reject to reject the de-anonymization request specifying a valid Reason.
  3. Click OK to send the approval/rejection.
    The user can see the Status of this request under the Request tab on login.

Note: Fortinet understands that multiple approvers can be selected in a request. Fortinet's behavior in these situations is to acknowledge the approver who first provides approval (or rejection), and ignore any further responses. Furthermore, any approval or rejection is final, meaning it cannot be updated or changed.

If a task already has an approval, and a new request for the same task is sent and is also approved, the approval with the shortest expiration takes precedence.
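
The rules in the note above (first response wins and is final, two-day default validity, shortest expiration takes precedence) can be modeled to review who should still have de-anonymized access at a given time. The following is an added example, not FortiSIEM code or its API: the Response record, the task key, the sample data, and the reading of "shortest expiration" as the earliest expiry among overlapping approvals are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_VALIDITY = timedelta(days=2)  # default when the approver picks no date/time

@dataclass(frozen=True)
class Response:                 # constructed record type, not a FortiSIEM object
    request_id: str
    task: str                   # assumed key identifying "the same task"
    approver: str
    decided_at: datetime
    approved: bool
    valid_till: Optional[datetime] = None

def final_decisions(responses):
    """Keep the first response per request; later ones are ignored (final)."""
    final = {}
    for r in sorted(responses, key=lambda r: r.decided_at):
        final.setdefault(r.request_id, r)
    return sorted(final.values(), key=lambda r: r.decided_at)

def effective_expiry(responses, task, now):
    """Expiry in force at `now` for `task`, or None if the data is hidden."""
    current = None
    for r in final_decisions(responses):
        if r.task != task or not r.approved or r.decided_at > now:
            continue
        end = r.valid_till or r.decided_at + DEFAULT_VALIDITY
        if current is not None and r.decided_at <= current:
            current = min(current, end)   # overlapping approvals: shortest wins
        else:
            current = end                 # earlier window lapsed: new request
    return current if current is not None and now <= current else None

# Constructed sample data: two approvers, three requests for the same task
T0, H, D = datetime(2024, 1, 1, 9, 0), timedelta(hours=1), timedelta(days=1)
TASK = "view-user-names"
SAMPLE = [
    Response("req-1", TASK, "alice", T0, True),                  # default 2 days
    Response("req-1", TASK, "bob", T0 + H, False),               # late, ignored
    Response("req-2", TASK, "alice", T0 + 2 * H, True, T0 + 7 * D),  # overlaps req-1
    Response("req-3", TASK, "bob", T0 + 3 * D, True, T0 + 4 * D),    # after lapse
]

if __name__ == "__main__":
    for d in (1, 2.5, 3.5):
        print(d, effective_expiry(SAMPLE, TASK, T0 + d * D))
```

In the sample, the seven-day approval for req-2 does not extend access past the two-day window from req-1, and access returns only once req-3 is approved after that window has lapsed.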