Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mbenvenuti
Staff
Staff

Created on ‎12-16-2024 01:14 AM Edited on ‎12-16-2024 01:16 AM By Moderator

Article Id 364933

Technical Tip: How to clear the baseline profile database

Description This article describes how to clear the baseline profile database.
Scope FortiSIEM.
Solution

Incidents raised with names like 'Sudden increase...' or 'Sudden decrease...' are defined by baseline rules. Those rules trigger statistics that are stored in a profile database and the changes are noticed along with the usual behaviors.

Those stats may need to be cleared to avoid wrong or inconsistent rule triggering.

 

To clear the baseline profile database, run the next commands from super CLI as root:

cd /opt/phoenix/cache

rm profile.db
rm profile.db-shm
rm profile.db-wal

rm daily.db
rm daily.db-shm
rm daily.db-wal

phtools --stop phReportMaster
phtools --start phReportMaster

 

After those commands, the profiles are cleared and restarted to create fresh statics.

 

61
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.