Help
FortiSIEM Discussions
KevinCanalichio1
New Contributor

Created on ‎05-28-2021 07:51 AM

Alerts for 0 events

Does anyone know how to create an alert in fortiseim that will alert if no events the match the filter in a 24 hours period.

I have tried matched events = 0  and matched events = NULL, but neither seem to work
202
0 Kudos
1 REPLY 1
KarnGriffen
New Contributor III

Created on ‎06-01-2021 12:46 PM

There is no great way to do this.  I've attached a rule we use now that looks for a SUM(Event Rate) that is below a threshold.-------------------------------------------
Original Message:
Sent: May 28, 2021 07:51 AM
From: Kevin Canalichio
Subject: Alerts for 0 events

Does anyone know how to create an alert in fortiseim that will alert if no events the match the filter in a 24 hours period.

I have tried matched events = 0  and matched events = NULL, but neither seem to work
202
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.