FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
froslan
Staff
Article Id 421009
Description This article describes a FortiSIEM database error that occurs when importing rules. The error results in duplicated rules that cannot be deleted from the graphical user interface (GUI). The solution below resolves the issue by deleting the duplicated rules from the backend using command-line interface (CLI) commands.
Scope FortiSIEM.
Solution

To resolve the FortiSIEM database error that duplicates rules on import, run the commands below:

 

psql -U phoenix phoenixdb -c "select * from ph_drq_rule where id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "delete from ph_drq_rule where id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "select * from ph_drq_rule2technique where rule_id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "delete from ph_drq_rule2technique where rule_id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "delete from ph_drq_rule where id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "select * from ph_drq_rule2event_filter where rule_id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "delete from ph_drq_rule2event_filter where rule_id = XXXXXXX4090;"
psql -U phoenix phoenixdb -c "delete from ph_drq_rule where id = XXXXXXX4090;"
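
The same cleanup expressed as a single transaction, as an added example that is not part of the Fortinet article: the hypothetical function build_rule_cleanup_sql rejects any rule ID that is not purely numeric and emits the deletes so that a failure leaves nothing half-removed. It assumes the repeated delete on ph_drq_rule above is needed because rows in the two mapping tables reference the rule.

```shell
#!/bin/sh
# Added example, not Fortinet's script. Table and column names are the ones
# used in the article's commands; the function name is hypothetical.

# Print a single-transaction cleanup script for one duplicated rule ID.
# Returns non-zero (and prints nothing on stdout) if the ID is not numeric,
# so a mistyped or pasted value never reaches psql as SQL text.
build_rule_cleanup_sql() {
    rule_id=$1
    case $rule_id in
        ''|*[!0-9]*)
            echo "rule id must be digits only: '$rule_id'" >&2
            return 1
            ;;
    esac
    cat <<EOF
BEGIN;
-- Show what is about to be removed.
SELECT * FROM ph_drq_rule WHERE id = $rule_id;
SELECT * FROM ph_drq_rule2technique WHERE rule_id = $rule_id;
SELECT * FROM ph_drq_rule2event_filter WHERE rule_id = $rule_id;
-- Assumption: the mapping tables reference the rule, so clear them first.
DELETE FROM ph_drq_rule2technique WHERE rule_id = $rule_id;
DELETE FROM ph_drq_rule2event_filter WHERE rule_id = $rule_id;
DELETE FROM ph_drq_rule WHERE id = $rule_id;
COMMIT;
EOF
}

# Usage on the FortiSIEM node (123 is a constructed ID):
#   build_rule_cleanup_sql 123 | psql -U phoenix phoenixdb -v ON_ERROR_STOP=1
```

With ON_ERROR_STOP set, psql stops at the first failing statement and the open transaction is rolled back when the session ends.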
