Technical Tip: FortiSIEM REGEX function is not visible in Analytics

Description

This article explains the REGEX function visibility in FortiSIEM Analytics.

Scope

FortiSIEM.

Solution

REGEX function is useful in filtering the data for FortiSIEM Analytics. By default, the REGEX function is not available in the option for the Analytics operator list:

The reason is due to some of the Event Attributes in FortiSIEM are not supported by the REGEX operator. Hence, users need to select the Event Attribute before selecting the operator for the REGEX option to be available.

In this example, 'Event Type' is selected and the operator option has included the REGEXP & NOT REGEXP option.