Hi,
I have to import rules to a production SIEM. Many of these rules contain an eventType IN (Group@PH_SYS_EVENT_Group).
We have noticed those conditions are broken when imported in the new SIEM and we have to remap them manually to the event type group.
My question: Is there a quicker way to make those statements work?
Thanks,
Hi @MBerube ,
Custom groups are unique to a system and upon manual import you would have to re-map them.
Unfortunately, there is no other workaround to perform bulk re-mapping of objects.
All right. Thanks.
You are welcome :)