Notifications can be sent only when an incident is created or deleted.

You must configure an output profile to send notifications by email.

Each incident can send notifications to a single external platform.

Each connector used can have different notification settings.

 FortiAnalyzer needs that time to back up the current playbooks.

FortiAnalyzer needs that time to parse the new playbook

FortiAnalyzer needs that time to ensure there are no other playbooks running.

FortiAnalyzer needs that time to debug the new playbook.

By attaching it to an event handler alert

By editing the settings of the desired report

From the properties of an existing incident

Saving it in JSON format, and then importing it

 The security event risk is considered open.

The security risk was blocked or dropped

The risk source is isolated.

An incident was created from this event.

FortiAnalyzer flags the associated host for further analysis.

The endpoint is marked as Compromised and, optionally, can be put in quarantine.

A new Infected entry is added for the corresponding endpoint.

The detection engine classifies those logs as Suspicious.

Send Alert through Fabric Connectors

Send Alert through FortiSIEM MEA

Send SNMP trap

Send SMS notification

To list the current SQL processes running

 To check what is the database log insertion status 

To display the SQL query connections and hcache status

To view the current hcache size