Incident Status in FortiSIEM: The status of an incident indicates its current state and helps administrators track and manage incidents effectively.
Cleared Status: When an incident’s status is "Cleared," it means that a specific condition set to clear the incident has been satisfied.
Clear Condition: This is typically a predefined condition that indicates the issue causing the incident has been resolved or no longer exists.
Automatic vs. Manual Clearance: While some incidents may be cleared automatically based on clear conditions, others might be manually cleared by an operator.
References: FortiSIEM 6.3 User Guide, Incident Management section, detailing the various incident statuses and the conditions that lead to an incident being marked as "Cleared."
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit