If an incident in FortiSIEM has no notification policy defined, what happens to the incident?

Study for the Fortinet Network Security Expert (NSE) 5 Exam with flashcards and multiple choice questions. Each question has hints and explanations to help you prepare fully for your exam. Get ready to succeed!

In FortiSIEM, if an incident has no notification policy defined, it will still be recorded within the system. This means that the incident is logged and captured for future reference and analysis, despite the absence of a specific notification action. Recording incidents is essential for maintaining an audit trail and enables security teams to review and investigate the events at a later time.

Having incidents recorded assists in generating reports, identifying trends, and conducting post-incident analyses, which are critical components of effective security operations. While there may not be immediate notifications or alerts generated for incidents without a defined policy, the ability to track and review such incidents remains a core function of FortiSIEM. This ensures that potential security issues can still be addressed, even if they are not escalated or alerted immediately.

This behavior differs from the other possible outcomes: the incident is not ignored or cleared, and it is not automatically escalated to management. None of those processes apply to incidents lacking a notification policy.
