Question
FortiAnalyzer: customize Detected-Botnet Report
Hi Guys,
Could you help me customize the Detected-Botnet Report so that it sends a report if the counters are more than 100?
I've tried this: select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, count(*) as totalnum from $log where $filter and count = <100 group by user_src order by totalnum desc... but it's not working.
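
An added example, not part of the original post and not Fortinet's stock dataset: the same query with the threshold moved out of `where` and into a `having` clause. It assumes the dataset accepts PostgreSQL-style `having`, and it reuses only the columns and macros from the query above.

```sql
-- Added example (not from the original post).
-- WHERE is evaluated per log row, before grouping, so it cannot test an
-- aggregate such as count(*); "count = <100" is also not a valid comparison.
-- HAVING is evaluated after GROUP BY, once per user_src group, which is
-- where a "more than 100 hits" threshold belongs.
select
    coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src,
    count(*) as totalnum
from $log
where $filter
group by user_src
-- The aggregate is repeated here because PostgreSQL-style SQL does not
-- allow the select alias (totalnum) inside HAVING.
having count(*) > 100
order by totalnum desc
```

With this dataset, sources at or below 100 matching log entries are dropped from the result, so the chart built on it lists only sources above the threshold.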
