acurry
New Member
May 3, 2018
Question

FortiSIEM Custom Group By Settings


I am trying to set up a category filter in the group by for a 'Large Outbound Transfer' event.


Currently it groups by Source and Destination IP. Would it be possible to group by the Website Category, so that in the exception list I could add the website categories to ignore events from ('news & media', 'business', 'Information Technology', etc.), making the events received from FortiSIEM more in line with what needs to be analyzed by my co-workers?

    FSM_FTNT
    Staff
    November 22, 2019

    It depends on whether the events you are reporting on contain a website category and if it is parsed.


    Assuming it is and that there are sent bytes, you could do:

    Display Fields
      • Source IP
      • Destination IP
      • Event Type
      • Web Site Category
      • SUM(Sent Bytes64)
      • COUNT(Matched Events)

    Filter
      • Event Type IN Group: Permit Traffic
      • Web Site Category != something
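The grouping and filtering the reply describes, run offline over constructed sample events, as an added example that is not part of the thread and not FortiSIEM's own rule logic. The field names (src_ip, dest_ip, event_type, web_category, sent_bytes), the membership of the "Permit Traffic" event-type group, the category names and the 1 GB threshold are all assumptions for this example; in FortiSIEM the equivalent is the Display Fields / Filter configuration above. It also covers the case the reply warns about: an event whose web category was never parsed, which this example keeps in its own bucket rather than letting a "!= category" filter silently decide its fate.

```python
"""Added example (not FortiSIEM code): Group By src/dst/event type/web category,
SUM(sent bytes), COUNT(matched events), with a category exception list."""
from collections import defaultdict

# Assumed membership of the "Permit Traffic" event-type group.
PERMIT_TRAFFIC_GROUP = {
    "FortiGate-traffic-forward-permit",
    "FortiGate-traffic-local-permit",
}

# Categories the poster wants to ignore; compared case-insensitively.
IGNORED_CATEGORIES = {"news and media", "business", "information technology"}


def _ev(src, dst, etype, cat, sent):
    """Build one parsed event; field names are assumptions for this example."""
    return {"src_ip": src, "dest_ip": dst, "event_type": etype,
            "web_category": cat, "sent_bytes": sent}


# Constructed sample events (already parsed), not captured from a real device.
SAMPLE_EVENTS = [
    _ev("10.1.1.5", "203.0.113.10", "FortiGate-traffic-forward-permit", "News and Media", 900_000_000),
    _ev("10.1.1.5", "203.0.113.10", "FortiGate-traffic-forward-permit", "News and Media", 300_000_000),
    _ev("10.1.1.7", "198.51.100.20", "FortiGate-traffic-forward-permit", "File Sharing and Storage", 600_000_000),
    _ev("10.1.1.7", "198.51.100.20", "FortiGate-traffic-forward-permit", "File Sharing and Storage", 500_000_000),
    # Category never parsed: web_category is None.
    _ev("10.1.1.9", "192.0.2.30", "FortiGate-traffic-forward-permit", None, 1_200_000_000),
    # Denied traffic: outside the Permit Traffic group, so never counted.
    _ev("10.1.1.11", "192.0.2.40", "FortiGate-traffic-forward-deny", "Malicious Websites", 5_000_000_000),
    _ev("10.1.1.12", "192.0.2.50", "FortiGate-traffic-forward-permit", "Business", 50_000_000),
]


def matches_filter(ev, ignored=IGNORED_CATEGORIES):
    """Filter: Event Type IN Group Permit Traffic AND Web Site Category not ignored."""
    if ev["event_type"] not in PERMIT_TRAFFIC_GROUP:
        return False
    cat = ev.get("web_category")
    if cat is None:
        # Unparsed category: keep the event so a missing attribute cannot
        # quietly hide a large transfer behind the exception list.
        return True
    return cat.lower() not in ignored


def group_outbound(events, ignored=IGNORED_CATEGORIES):
    """Group By (src, dst, event type, category) with SUM(sent) and COUNT."""
    groups = defaultdict(lambda: {"sum_sent_bytes": 0, "count": 0})
    for ev in events:
        if not matches_filter(ev, ignored):
            continue
        key = (ev["src_ip"], ev["dest_ip"], ev["event_type"],
               ev.get("web_category") or "<unparsed>")
        groups[key]["sum_sent_bytes"] += ev["sent_bytes"]
        groups[key]["count"] += 1
    return dict(groups)


def large_outbound_transfers(events, threshold_bytes, ignored=IGNORED_CATEGORIES):
    """Rows whose SUM(sent bytes) reaches the threshold, largest first."""
    rows = group_outbound(events, ignored)
    hits = [(k, v) for k, v in rows.items() if v["sum_sent_bytes"] >= threshold_bytes]
    return sorted(hits, key=lambda kv: kv[1]["sum_sent_bytes"], reverse=True)


if __name__ == "__main__":
    for key, agg in large_outbound_transfers(SAMPLE_EVENTS, 1_000_000_000):
        src, dst, etype, cat = key
        print(f"{src} -> {dst} [{etype}] {cat}: "
              f"{agg['sum_sent_bytes']} bytes over {agg['count']} events")
```

With the sample data the "News and Media" pair is dropped by the exception list even though it moved 1.2 GB, the file-sharing pair is reported, and the event with no parsed category is reported under "<unparsed>". Whether a real FortiSIEM "!=" filter keeps or drops an event that lacks the attribute is worth checking against your own parsed events before relying on the exception list.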