Rule Test Fails

Ezzat · ‎06-12-2023

Hello,

I am using FortiSIEM version 6.5, and created rule and test it but always end up with internal error and fail. However, I find out that even for already activated rules from the system, when I clone them, deactivate them, and then test them, they fails again with the same error " internal error, where the rule master drop rule state summary from rule worker".

What could be the issue here, given the fact that everything is working properly when I run it as a query ?

FSM_FTNT · ‎06-12-2023

Hi, we have recently found with 6.7.x an issue with the Enterprise install of FortiSIEM that the Rule test isn't working and may be affecting you. It doesn't involve a rule actually triggering, just test.

If you raise a TAC case, they can confirm if you are hitting this issue.

Ezzat · ‎06-12-2023

Thank you for your answer, I already created a ticket with the support of Fortinet but till now they didn't confirm it neither answered me yet. I also sent them some logs and text files for them to check and analyze.

FSM_FTNT · ‎06-12-2023

Hi Ezzat, please private message the TAC case and will check with the team.

Thanks

Ezzat · ‎06-12-2023

Many thanks, already sent you.

FSM_FTNT · ‎06-19-2023

We have released 6.7.6 to address the issue

921190

Minor

App Server

Rule Tests time out when run on Enterprise deployment.

https://docs.fortinet.com/document/fortisiem/6.7.6/release-notes/163219/whats-new-in-6-7-6#Bug

Rule Test Fails

Nominate a Forum Post for Knowledge Article Creation