Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
acurry
New Contributor

FortiSIEM Custom Group By Settings

I am trying to set up a category filter in the group by for a 'Large Outbound Transfer' event.

 

Currently it groups by Source and Destination IP. Could it be possible to group by the Website Category then in the exception list I could add the website categories to ignore events from 'news & media, business, Information Technology, etc' so that the events received from FortiSIEM are more in line with what needs to be analyzed by my co-workers?

1 REPLY 1
FSM_FTNT
Staff
Staff

It depends on whether the events you are reporting on contain a website category and if it is parsed.

 

Assuming it is and  that there are sent bytes, you could do:

 

Display Fields

Source IP Destination IP Event Type Web Site Category SUM(Sent Bytes64) COUNT(Matched Events)

 

Filter

Event Type IN Group: Permit Traffic Web Site Category != something

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors