FortiSIEM Analytics Search for a certain time period, over a period of time.
Say, for example... I want to run a search in Analytics that matches a certain raw log phrase, for a given period of time over a period of time? For example... all logs that show login connections that occur between "Saturday at 5am and Sunday at Midnight"; over the past 60 days; to see all users who were logging in during the weekends.
OR... even a method to trigger an incident or event that is thrown during a weekend time period, or "off hours" type time period, without having to provide a specific one-time date range.
Thanks, looking at this now. I do not see a method in the Rule Exceptions -> Define Schedule to set timeframes that the rule would not be active. There are days and dates, and ranges and durations. I'm not finding a place where I can tell it not to run during a certain time frame, every day. Please advise. Thanks for your assistance.
The following screenshot is an example of a time-based exception to run from 9am every day for 9 hours. This would mean that the rule would not trigger between 9am and 6pm every day of the week and every month of the year.
I hope that answers your question.
There are old engineers and bold engineers, but no old, bold, engineers
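The recurring-window logic discussed in this thread, as an added example that is not part of the original posts and is not FortiSIEM code or query syntax: it filters login events to a weekly window (Saturday 05:00 through the end of Sunday) over a 60-day lookback, and separately keeps only events outside a daily 9am, 9-hour exception window. The function names and sample events are constructed for illustration, and reading "Sunday at Midnight" as the end of Sunday is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample login events (timestamp, user); not real FortiSIEM output.
SAMPLE_EVENTS = [
    ("2024-03-02 04:30:00", "alice"),  # Saturday, before 05:00
    ("2024-03-02 05:00:00", "bob"),    # Saturday, window opens
    ("2024-03-03 23:59:59", "carol"),  # Sunday, last second of window
    ("2024-03-04 00:00:00", "dave"),   # Monday 00:00, window closed
    ("2024-03-06 20:15:00", "erin"),   # Wednesday evening
    ("2024-03-06 10:00:00", "frank"),  # Wednesday, business hours
    ("2023-12-30 12:00:00", "grace"),  # Saturday, older than 60 days
]

def in_weekly_window(ts, start_day=5, start_hour=5, hours=43):
    """True if ts is inside a window that recurs every week.
    Default: Saturday (weekday 5) 05:00 for 43 hours, ending Monday 00:00."""
    monday = (ts - timedelta(days=ts.weekday())).replace(
        hour=0, minute=0, second=0, microsecond=0)
    opens = monday + timedelta(days=start_day, hours=start_hour)
    if ts < opens:                      # window may have opened last week
        opens -= timedelta(weeks=1)
    return ts < opens + timedelta(hours=hours)

def in_daily_window(ts, start_hour=9, hours=9):
    """True if ts is inside a window that recurs every day.
    Default mirrors the exception in the answer: 9am for 9 hours."""
    opens = ts.replace(hour=start_hour, minute=0, second=0, microsecond=0)
    if ts < opens:                      # window may have opened yesterday
        opens -= timedelta(days=1)
    return ts < opens + timedelta(hours=hours)

def select_users(events, now, keep, lookback_days=60):
    """Users with at least one event in the lookback period that keep() accepts."""
    cutoff = now - timedelta(days=lookback_days)
    users = set()
    for stamp, user in events:
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if cutoff <= ts <= now and keep(ts):
            users.add(user)
    return sorted(users)

NOW = datetime(2024, 3, 10)  # fixed "now" so the sample is reproducible
WEEKEND_USERS = select_users(SAMPLE_EVENTS, NOW, in_weekly_window)
OFF_HOURS_USERS = select_users(
    SAMPLE_EVENTS, NOW, lambda ts: not in_daily_window(ts))

if __name__ == "__main__":
    print("weekend logins:", WEEKEND_USERS)
    print("off-hours logins:", OFF_HOURS_USERS)
```

Timestamps are treated as naive local time; logs stored in UTC need converting to the site's time zone before the window test.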