What happens to an incident without a defined notification policy in FortiSIEM?

In FortiSIEM, if an incident occurs and there is no defined notification policy, the incident is logged for future review. This means that while the incident is not actively managed or escalated based on an immediate response protocol, it still gets recorded within the system for analysts or responsible personnel to evaluate at a later time. This allows for retrospective analysis and helps ensure that no important events are overlooked, even in the absence of a proactive notification process.

This approach maintains a record of incidents for compliance and auditing purposes, enabling organizations to analyze trends over time, identify potential gaps in their security posture, and develop improved incident response strategies. While active notification can expedite response actions, logging incidents without an active policy ensures that they are not completely disregarded or lost, keeping the data available for future investigations.