Help
FortiSIEM Discussions
mohamed44
New Contributor II

Created on ‎05-25-2024 05:13 AM

Watch Lists & Lookup Tables

Hi all,

What is the difference between the Watch lists & Lookup Table

thanks on advance

#Watch lists

#Lookup tables

Muhammed
Muhammed
Labels:
217
0 Kudos
1 REPLY 1
premchanderr
Staff
Staff

Created on ‎10-14-2024 02:53 AM

Hi @mohamed44 ,

 

Both are totally different. 

Lookup Table is a function used in Analytics to display desired result based on key and values. Non Key Column is not supported here. This is mainly used in reporting. 

 

Watchlists need not by a keyvalue, you can simply add any list of IPs, string etc in watchlist.
Also watch list can be dynamically created from raw logs or triggered rules.  Watch list can be used in rules, report etc

 

Related Documentation:

 https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/appendix-functions-lookup-table.htm?Hig...

https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/Watch_list.htm 

Regards,
Prem Chander R
90
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.