Help
FortiSIEM Discussions
MBerube
New Contributor

Created on ‎10-03-2024 06:36 AM

Import rules with event type groups

Hi,

 

I have to import rules to a production SIEM.  Many of these rules contains a eventType IN (Group@PH_SYS_EVENT_Group).

 

We have noticed those conditons are broken when imported in the new SIEM and we have to remap them manually to the event type group.

 

My question:  Is there a quicker way to make those statements working?

 

Thanks,

226
0 Kudos
1 Solution
premchanderr
Staff
Staff

Created on ‎10-03-2024 07:18 PM

Hi @MBerube ,

 

Custom groups are unique to a system and upon manual import you would have to re-map them. 

 

Unfortunately no other workaround to perform bulk  re-mapping objects.

Regards,
Prem Chander R

View solution in original post

200
3 REPLIES 3
premchanderr
Staff
Staff

Created on ‎10-03-2024 07:18 PM

Hi @MBerube ,

 

Custom groups are unique to a system and upon manual import you would have to re-map them. 

 

Unfortunately no other workaround to perform bulk  re-mapping objects.

Regards,
Prem Chander R
201
MBerube
New Contributor
In response to premchanderr

Created on ‎10-04-2024 04:40 AM

All right.  Thanks.

187
0 Kudos
premchanderr
Staff
Staff
In response to MBerube

Created on ‎10-04-2024 04:47 AM

You are welcome :) 

Regards,
Prem Chander R
175
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.