FortiSIEM Discussions
grodgonfib
New Contributor

FortiSIEM: Lookup with domains Event URL

Hi everyone,

I'm working with FortiSIEM 7.2.3 and I have a use case where I need to validate whether the domain found in the Event URL field is authorized, using a custom lookup table (AuthorizedStorageTenants, column StorageDomain).

Example domains / applications

s3.eu-west-1.amazonaws.com/myapplicationone.off
content.myapplicationtwo.com
files.mystorage.com

If the domain is amazonaws.com, instead of checking vs the domain I want to check vs the path (myapplication.off), because I don't want to "allow" all amazonaws.com ...

My goal is to trigger an alert only if the domain or amazonaws.com path isn't in the lookup.

Has anyone implemented something similar or has recommendations on how to structure this logic efficiently?

Thanks in advance!

0 REPLIES 0
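
The matching logic described in the question, as an added Python sketch that is not part of the original post and is not FortiSIEM rule or lookup syntax: it derives one comparison key per Event URL (host for ordinary domains, endpoint plus bucket for amazonaws.com) so a single lookup column can hold both kinds of entry. The function names are hypothetical, the table contents are the post's example entries, and the handling of virtual-hosted-style S3 hosts (`<bucket>.s3.<region>.amazonaws.com`) goes beyond the case in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of AuthorizedStorageTenants.StorageDomain,
# filled with the example entries from the post.
AUTHORIZED = {
    "s3.eu-west-1.amazonaws.com/myapplicationone.off",
    "content.myapplicationtwo.com",
    "files.mystorage.com",
}

HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
# Virtual-hosted-style S3 host: <bucket>.s3.<region>.amazonaws.com
VHOST_S3 = re.compile(
    r"^(?P<bucket>.+?)\.(?P<endpoint>s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com)$")


def lookup_key(event_url: str) -> str:
    """Return the value to compare against StorageDomain for one Event URL."""
    url = event_url.strip()
    if not HAS_SCHEME.match(url):
        url = "//" + url  # lets urlsplit parse scheme-less field values
    parts = urlsplit(url)
    # .hostname is already lowercased, without port or userinfo
    host = (parts.hostname or "").rstrip(".")
    # Exact suffix test: "amazonaws.com.example.net" must not count as AWS.
    if host != "amazonaws.com" and not host.endswith(".amazonaws.com"):
        return host
    m = VHOST_S3.match(host)
    if m:  # bucket is carried in the host name
        return f"{m['endpoint']}/{m['bucket']}"
    segments = [s for s in parts.path.split("/") if s]
    if not segments:  # no bucket visible: bare endpoint never matches the table
        return host
    return f"{host}/{segments[0].lower()}"


def is_authorized(event_url: str, table=AUTHORIZED) -> bool:
    """True when the derived key is in the lookup; alert on False."""
    return lookup_key(event_url) in {entry.lower() for entry in table}
```
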