Say for example...I want to run a search in Analytics that match a certain raw log phrase, for a given period of time over a period of time? For example...all logs that show login connections, that occur between "Saturday at 5am and Sunday at Midnight" ; over the past 60 days ; to see all users who were logging in during the weekends.
OR ... even a method to trigger an incident or event that is thrown during a weekend time period, or "off hours" type time period, without having to provide a specific one time date range.
Thanks for any assistance..
Hello Paul,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello PaulHolg,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
Hello PaulHolg,
I found this document:
Could you please tell me if it helped?
If not, we will find another solution to reply to your answer.
Thanks,
Hi PaulHolg
One idea would be to configure a time based exception on the rule. For example, you can configure the rule not trigger during business hours. It is possible to have multiple exceptions.
I hope it helps!
Thanks, looking at this now. I do not see a method in the Rule Exceptions -> Define Schedule to set timeframes that the rule would not be active.. There are days and dates, and ranges and durations. I'm not finding a place where I can tell it not to run during a certain time frame, every day. Please advise, Thanks for your assistance
Hey PaulHolg
The following screenshot is an example of a time based exception to run from 9am every day for 9 hours. This would mean that the rule would not trigger between 9am and 6pm every day of the week and every month of the year.
I hope that answers your question.
Thank you very much, I will give this a try.
Hi PaulHolg
I just thought you might be interested in the new feature in the latest release (7.1.0). The new feature allows you to schedule rules:
https://docs.fortinet.com/document/fortisiem/7.1.0/release-notes/671235/whats-new-in-7-1-0#Schedule2
The caveat is that your event storage type must be clickhouse.
Thanks
Richard
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.