Incident Status Values: Incident statuses in FortiSIEM help administrators track and manage the
lifecycle of incidents from detection to resolution.
Four Possible Status Values:
Active: Indicates that the incident is currently ongoing and needs attention.
Closed: Indicates that the incident has been resolved or addressed.
Cleared: Indicates that the incident has been resolved automatically based on predefined conditions.
Open: Indicates that the incident is acknowledged and under investigation but not yet resolved.
Usage: These statuses help in prioritizing and tracking incidents effectively, ensuring that all
incidents are appropriately managed.
Reference: FortiSIEM 6.3 User Guide, Incident Management section, which details the different
status values and their meanings.
