Case Management

Case Management allows you to define policies for cases and define case close codes for use with the FortiSIEM Case system. To use a case management policy, you must have a group and users created under FortiSIEM Analysts in CMDB > Users. See Setting Up Manual Case Management or Setting Up Automatic Case Management for general initial configuration steps. A general Case Management demo video is available here.

Adding/Editing a Case Management Policy

To create/edit a Case Management Policy, take the following steps.

  1. From Admin > Settings > General > Case Management, click the Case Management Policy tab.
  2. If creating a new case management policy, click New. If editing a case management policy, select the policy you wish to edit, and click Edit.
  3. Click on each tab to view and configure its settings.

    1. Configure the General settings using the table below.

      General Settings / Guidelines

      Name: Enter the name of the case management policy. This name is used as a reference.
      Description: Enter a description of the case management policy.
    2. The SLA & Escalation setting allows you to configure how escalations are handled based on case severity (Critical, High, Medium, and Low). For each case severity type, configure the SLA & Escalation settings using the table below.

      SLA & Escalation Settings / Guidelines

      SET Due Date as: Configure the due date as a period of time in Days or Hours. In the first field, enter a numeric value. From the drop-down list, select Days or Hours to set the unit.
      WHEN Remaining Time is within / OR Due Date violated: Configure the remaining time before the due date at which an email notification is sent; a notification is also sent when the due date is violated. In the first field, enter a numeric value. From the drop-down list, select Days or Hours to set the unit.
      THEN Email To: Select who is emailed when a case reaches the configured remaining time or its due date has been violated, by selecting the Assignee, Team Lead and/or Assignee's Manager checkbox.
      If no Case Update in: Configure when an email is sent if the case has not been updated. In the first field, enter a numeric value. From the drop-down list, select Days or Hours to set the unit.
      THEN Email To: Select who is emailed when the case has not been updated within the configured period, by selecting the Assignee, Team Lead and/or Assignee's Manager checkbox.

    3. Configure the Auto-assignment settings using the table below.

      Auto-assignment Settings / Guidelines

      Assignment within Team: Configure how cases are automatically assigned.

      • Always Assign To Team Lead - Select this option to automatically assign all cases to the Team Lead.

      • Randomly within Team members - Select this option to randomly assign cases to team members.

      • Team member with least number of Cases - Select this option to automatically assign the newest case to the team member with the least number of cases.

      No Assignee found within Team: Configure how cases are handled, by case severity type, if no assignee can be found. From the first drop-down list, select the case severity types this setting applies to. In the next drop-down list, select whether cases of those severity types are placed in the First or Last Team Queue, or assigned to the First or Last Team Lead, when no assignee can be located. In the last drop-down list, select whether cases of the remaining severity types are left in the First or Last Team Queue.

    4. Configure the Permissions settings using the table below.

      Permissions Settings / Guidelines

      Change Status: Select the personnel allowed to change the status of a case, by selecting the appropriate checkboxes.
      Edit Note: Select the personnel allowed to edit case notes, by selecting the appropriate checkboxes.
    5. Configure the Notifications settings using the table below.

      Notifications Settings / Guidelines

      Subject: Select the subjects for which notifications should be sent.
      Recipients: Select the recipients to whom notifications will be sent, by selecting the appropriate checkboxes.
      Method: Select how notifications are sent.

    6. Configure the Auto Close settings using the table below.

      Auto Close Settings / Guidelines

      Auto Close: The following options are available.

      • Do not close - Select this if you do not want cases to be closed automatically when all related incidents have been cleared.

      • Close after <#> <period of time> of all Incidents clearing - Select this to configure when a case is automatically closed. In the first field, enter the number of time units that must pass after all incidents related to the case have been cleared. In the following drop-down list, select Minute(s) or Hour(s) as the unit of time. This grace period lets related incidents that arrive late be added to a case that is about to be closed.

    7. When done, click Save.
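As an added illustration (not FortiSIEM code), the following Python sketch models how the SLA & Escalation and Auto Close rules above evaluate a case at a point in time; the rule values, field names and case timestamps are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed model of one severity row of the SLA & Escalation tab.
# Field names are illustrative, not FortiSIEM identifiers.
@dataclass
class SlaRule:
    due_after: timedelta        # SET Due Date as
    warn_within: timedelta      # WHEN Remaining Time is within (OR Due Date violated)
    due_email_to: tuple         # THEN Email To
    stale_after: timedelta      # If no Case Update in
    stale_email_to: tuple       # THEN Email To

@dataclass
class Case:
    severity: str
    created: datetime
    last_update: datetime
    incidents_cleared_at: Optional[datetime] = None  # when the last related incident cleared

# Constructed policy: only the Critical and Low rows are shown.
POLICY = {
    "Critical": SlaRule(timedelta(hours=4), timedelta(hours=1), ("Assignee", "Team Lead"),
                        timedelta(hours=2), ("Assignee", "Assignee's Manager")),
    "Low": SlaRule(timedelta(days=5), timedelta(days=1), ("Assignee",),
                   timedelta(days=2), ("Assignee",)),
}
AUTO_CLOSE_AFTER = timedelta(minutes=30)   # "Close after 30 Minute(s) of all Incidents clearing"

def escalation_emails(case: Case, now: datetime, policy=POLICY) -> dict:
    """Map each triggered SLA condition to the roles that should be emailed."""
    rule = policy[case.severity]
    remaining = (case.created + rule.due_after) - now
    emails = {}
    if remaining <= timedelta(0):
        emails["due date violated"] = rule.due_email_to
    elif remaining <= rule.warn_within:
        emails["remaining time within threshold"] = rule.due_email_to
    if now - case.last_update >= rule.stale_after:
        emails["no case update"] = rule.stale_email_to
    return emails

def should_auto_close(case: Case, now: datetime, close_after=AUTO_CLOSE_AFTER) -> bool:
    """True once all related incidents have stayed cleared for the configured grace period."""
    if case.incidents_cleared_at is None:   # an incident is still open
        return False
    return now - case.incidents_cleared_at >= close_after
```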

Adding/Editing Case Close Codes

To create/edit a Case Close Code, take the following steps.

  1. From Admin > Settings > General > Case Management, click the Case Close Codes tab.
  2. If creating a new case close code, click New. If editing a case close code, select the case close code you wish to edit, and click Edit.
  3. If you wish to make the Case Close Code available for use, click the Enable checkbox.
  4. In the Name field, enter the Case Close Code name.
    Note: The Name field does not allow the "space" character, or the special characters "!, #, $, %, ^, &, *, ( and )".
  5. In the Description field, enter information about the Case Close Code.
  6. Click Save.

Viewing Case Management Policy

If you navigate to the Case Management page, and click on the Case Management Policy tab, the Case Management Policy table appears. Information about the table follows.

Column / Description

Name: Name of the Case Management Policy.
SLA & Escalation: The Service Level Agreement and Escalation configuration for each case severity type.
Auto-assignment: How cases are automatically assigned.
Permissions: Who is allowed to change the state of a case, and who can edit notes.
Notifications: The Subject, Recipients and Method for notifications.
Auto Close: When automatic closure of a case occurs.

Viewing Case Close Codes

If you navigate to the Case Management page, and click on the Case Close Codes tab, the Case Close Codes table appears. Information about the table follows.

Column / Description

Enabled: If Enabled is checked, the Case Close Code is available and can be selected when closing a case.
Name: The Case Close Code name.
Description: Information about the Case Close Code; typically describes how a case was closed.
Scope: A Case Close Code can be System or User. A System scope is a pre-defined Case Close Code, which cannot be edited. A User scope is a user-created Case Close Code, which can be edited.

Applying Case Creation to Automation Policy

To associate a Case Management Policy to an Automation Policy, take the following steps.

  1. In the Case Management Policy drop-down list, select the Case Management Policy you wish to apply.
  2. From the Teams: FIRST drop-down list, select the first team to be used in the case management policy.
  3. Click the + icon to add another team to the case management policy.
    Note: You can click the - icon to remove an existing team drop-down list option, but at least one team must remain configured.
  4. In the Teams: THEN drop-down list, select the next FortiSIEM Analysts team that should be applied in the Case Management Policy.
  5. Repeat steps 3-4 until you have configured all the teams that you wish to be part of the case management policy, then click Save. You will then be taken back to the Automation Policy window, where you can continue to configure your automation policy.