FortiNDR (on-premise)
On-premise solution that processes and stores data on the customer's network. Supports NetFlow and OT deployments.
cysaw
Staff
Article Id 346337
Description

This article describes how to use the source IP for the ML configuration in FortiNDR Center mode.

Scope

FortiNDR.

Solution
  1. When a source IP group is configured, FortiNDR only detects anomalies for source IPs within the configured IP range. Any IP outside the configured source IP group does not trigger anomaly detection.



  2. Configuring the source IP group for the ML configuration reduces unnecessary anomalies from the network so that only the critical anomalies are in focus.
  3. If the source IP for the ML configuration is not configured, FortiNDR detects all anomalies from the network.
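
Because any IP outside the source IP group triggers no anomaly detection, it helps to check which monitored subnets the group leaves uncovered before applying it. The Python below is an added example, not Fortinet code: the CIDR/range entry format, the subnet names and all addresses are constructed assumptions and do not reflect FortiNDR's own configuration syntax (IPv4 only).

```python
import ipaddress

def parse_group(entries):
    """Parse CIDR ('10.10.0.0/24') or range ('10.10.1.10-10.10.1.20') strings.
    The entry format is an assumption for this example, not FortiNDR syntax."""
    nets = []
    for entry in entries:
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
    return list(ipaddress.collapse_addresses(nets))

def uncovered(asset_subnets, group):
    """Return, per asset subnet, the address blocks outside the source IP group.
    Hosts in these blocks would generate no ML anomalies."""
    gaps = {}
    for name, cidr in asset_subnets.items():
        remaining = [ipaddress.ip_network(cidr)]
        for scope in group:
            kept = []
            for net in remaining:
                if net.subnet_of(scope):
                    continue                      # fully inside the group
                if scope.subnet_of(net):
                    kept.extend(net.address_exclude(scope))  # carve out covered part
                else:
                    kept.append(net)              # disjoint from this scope entry
            remaining = kept
        if remaining:
            gaps[name] = [str(n) for n in sorted(remaining)]
    return gaps

# Constructed sample data: a source IP group and an asset inventory.
SOURCE_IP_GROUP = ["10.10.0.0/24", "10.10.1.10-10.10.1.20"]
ASSETS = {
    "servers": "10.10.0.0/25",
    "ot-cell": "10.10.1.0/28",
    "guest-wifi": "192.168.50.0/24",
}

if __name__ == "__main__":
    for name, blocks in uncovered(ASSETS, parse_group(SOURCE_IP_GROUP)).items():
        print(f"{name}: no anomaly detection for {', '.join(blocks)}")
```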