Hi All,
What is the difference between the Detection Technologies on rules? It's not clarified in previous versions of the documentation.
Thanks in advance.
#Rules
Classification of the technology being used for the rule.
#Correlation - most common rule type. Pattern based.
Examples to review:
-> Account Locked: Domain
-> Suspicious Logon Failure without following successful login
#Correlation Using Lookup Table - also Pattern based but uses data from a Lookup table in the evaluation of the pattern. (The lookup table needs to be populated via the import button)
Examples to review:
-> Uncommon Linux process Created
-> Uncommon Server Login
#Machine Learning - Refers to backend AI models being used to generate the alerts. For UEBA alerts.
Examples to review:
-> UEBA AI detects unusual file deletion
-> UEBA AI detects unusual file renamed
#Profiling - Uses the statistical baselining data to alert on a change in behaviour over time. (sqlite db)
Examples to review:
-> Sudden Increase In DNS Requests From A Specific Host
-> Sudden User Location Change
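To make the three rule classes concrete, here is an added illustration that is not FortiSIEM code and not from the answer above: a pattern-based correlation check (failed logons with no later success), a correlation that consults a lookup table (process names not in an expected-process list), and a profiling check that compares the current DNS request count against a statistical baseline. The event tuples, the lookup table contents, the thresholds and the baseline figures are all constructed for the example; the machine-learning class is not shown because it depends on the product's backend models rather than on rule logic you can write down.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample logon events: (timestamp in seconds, user, outcome).
LOGON_EVENTS = [
    (0, "alice", "fail"),
    (30, "alice", "fail"),
    (60, "alice", "fail"),
    (200, "alice", "success"),  # success inside the window: not suspicious
    (0, "bob", "fail"),
    (40, "bob", "fail"),
    (80, "bob", "fail"),        # never followed by a success: alert
]


def correlation_failed_logons(events, threshold=3, window=300):
    """Pattern-based correlation: at least `threshold` failures for one user
    inside `window` seconds, with no successful logon for that user in the
    remainder of the window. Returns the list of users that match."""
    by_user = defaultdict(list)
    for ts, user, outcome in sorted(events):
        by_user[user].append((ts, outcome))
    alerts = []
    for user, seq in by_user.items():
        fails = [ts for ts, outcome in seq if outcome == "fail"]
        for i in range(len(fails) - threshold + 1):
            start, end = fails[i], fails[i + threshold - 1]
            if end - start > window:
                continue  # failures too spread out to count as one burst
            followed_by_success = any(
                outcome == "success" and end <= ts <= start + window
                for ts, outcome in seq
            )
            if not followed_by_success:
                alerts.append(user)
                break
    return alerts


# Constructed lookup table; in the product the operator imports this data.
KNOWN_LINUX_PROCESSES = {"sshd", "cron", "nginx", "bash"}

# Constructed process-creation events: (host, process name).
PROCESS_EVENTS = [("srv1", "sshd"), ("srv1", "nginx"), ("srv2", "nc"), ("srv2", "cron")]


def lookup_uncommon_process(events, known):
    """Correlation using a lookup table: the pattern is simply 'process created',
    but evaluating it means checking the name against the imported table."""
    return [(host, proc) for host, proc in events if proc not in known]


# Constructed profiling baseline: DNS requests per host for seven earlier intervals.
DNS_BASELINE = {
    "host-a": [100, 110, 95, 105, 98, 102, 107],
    "host-b": [50, 55, 48, 52, 49, 51, 53],
}
# Constructed counts for the interval being evaluated now.
DNS_CURRENT = {"host-a": 112, "host-b": 400}


def profiling_dns_spike(baseline, current, k=3.0, min_sigma=1.0):
    """Profiling: alert when the current count exceeds the baseline mean by more
    than k standard deviations. A floor on sigma stops a perfectly flat baseline
    from turning every one-request change into an alert, and hosts with no
    history are skipped because there is nothing to compare against yet."""
    alerts = []
    for host, count in current.items():
        history = baseline.get(host)
        if not history:
            continue
        mu = mean(history)
        sigma = max(pstdev(history), min_sigma)
        if count > mu + k * sigma:
            alerts.append(host)
    return alerts


if __name__ == "__main__":
    print("correlation:", correlation_failed_logons(LOGON_EVENTS))
    print("lookup:", lookup_uncommon_process(PROCESS_EVENTS, KNOWN_LINUX_PROCESSES))
    print("profiling:", profiling_dns_spike(DNS_BASELINE, DNS_CURRENT))
```

Run as a script it reports bob for the correlation rule, the unexpected `nc` process on srv2 for the lookup rule, and host-b for the profiling rule; host-a's 112 requests stay under its mean-plus-three-sigma threshold, which is the distinction between a fixed pattern and a per-entity baseline that the answer above describes.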
Copyright 2024 Fortinet, Inc. All Rights Reserved.