Executable file posting rule
I have just deployed FortiSIEM and I am now working through the process of tuning it.
I have a rule that is being triggered (Executable file posting from an external source)
to our reverse proxy server. The commands are known commands of .aspx pages and I would
like to filter that traffic based on the commands that it sees being posted. However, I
am not sure that is the best or most secure way to do it or even if it is possible.
It doesn't seem like an exception is the proper way to do this so I wanted to get some expert
opinions.
