Alerts for 0 events

Forum|Forum|4 years ago
May 28, 2021
1 reply
665 views

Does anyone know how to create an alert in fortiseim that will alert if no events the match the filter in a 24 hours period.

I have tried matched events = 0 and matched events = NULL, but neither seem to work

KarnGriffen

Explorer II

There is no great way to do this. I've attached a rule we use now that looks for a SUM(Event Rate) that is below a threshold.-------------------------------------------
Original Message:
Sent: May 28, 2021 07:51 AM
From: Kevin Canalichio
Subject: Alerts for 0 events

Does anyone know how to create an alert in fortiseim that will alert if no events the match the filter in a 24 hours period.

I have tried matched events = 0 and matched events = NULL, but neither seem to work

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded