Does anyone have any suggestions on how to add an IOC event into event management, so that I can be notified via email?
Wow, I was surprised to see that someone had the exact same question I had. Then I quickly realized it was me.
Event management is based on a single log field check, while IOC is based on statistical calculation; so far it cannot be customized in event management.
But it would be an interesting idea for a new feature to build upon IOC. To generate a new log entry (maybe a new log type called IOC) for each entry in the IOC listing. Anyway, best to approach your Fortinet sales team (or partner) if this would be of value to you.
So what and how would you have a trigger for IoC in the FAZ? Would it be purely network behavioral at that point (volume or number of sessions)?
PCNSE
NSE
StrongSwan
Copyright 2024 Fortinet, Inc. All Rights Reserved.