Incident Creation in FortiSIEM: Incidents in FortiSIEM are created when events match the patterns and conditions defined in a rule.
Group By Function: The "Group By" section in the "Edit SubPattern" window specifies how matching events are grouped for analysis and incident creation.
Impact of Grouping: The way data is grouped determines the number of incidents generated. Each unique combination of values of the grouped attributes results in a separate incident.
Exhibit Analysis: In the provided exhibit, the "Group By" section lists "Reporting Device," "Reporting IP," and "User." This means an incident will be created for each unique combination of these three attributes.
Reference: FortiSIEM 6.3 User Guide, Rule and Pattern Creation section, which details how grouping impacts incident generation.
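As an added illustration (not FortiSIEM's own code), the following simplified simulation uses constructed sample events and an assumed count threshold to show how the number of incidents changes with the Group By attributes chosen in the subpattern:

```python
from collections import Counter

# Constructed sample events (not real FortiSIEM data); the keys mimic the
# attributes listed in the exhibit's Group By section.
EVENTS = [
    {"Reporting Device": "fw-01", "Reporting IP": "10.0.0.1", "User": "alice"},
    {"Reporting Device": "fw-01", "Reporting IP": "10.0.0.1", "User": "alice"},
    {"Reporting Device": "fw-01", "Reporting IP": "10.0.0.1", "User": "bob"},
    {"Reporting Device": "fw-02", "Reporting IP": "10.0.0.2", "User": "alice"},
    {"Reporting Device": "fw-02", "Reporting IP": "10.0.0.2", "User": "bob"},
]


def group_events(events, group_by):
    """Count matched events per distinct tuple of the Group By attribute values."""
    counts = Counter()
    for ev in events:
        key = tuple(ev.get(attr) for attr in group_by)
        counts[key] += 1
    return counts


def incidents(events, group_by, threshold=1):
    """Simulated incident generation (assumed simplification of the rule engine):
    one incident per distinct group key whose matched-event count reaches the
    subpattern's count threshold. Returns {group_key: matched_event_count}."""
    grouped = group_events(events, group_by)
    return {key: n for key, n in grouped.items() if n >= threshold}


if __name__ == "__main__":
    # Grouping on all three exhibit attributes versus dropping "User":
    # fewer grouped attributes collapse more events into the same incident.
    for gb in (["Reporting Device", "Reporting IP", "User"],
               ["Reporting Device", "Reporting IP"]):
        inc = incidents(EVENTS, gb)
        print(f"Group By {gb}: {len(inc)} incident(s)")
        for key, n in sorted(inc.items()):
            print("   ", dict(zip(gb, key)), "matched events:", n)
```

Raising the threshold (for example, `incidents(EVENTS, gb, threshold=2)`) shows the other lever a rule author controls: the grouping decides how many candidate incidents exist, and the count threshold decides which of them actually fire.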