Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
guilherme_ramalho
New Contributor

How to create a baseline profile in FortiSIEM?

From what I could study and verify, in order to perform the creation of the rule based on an average and extract the %, we need before that to have created within FortiSIEM what is known as “Baseline Profile”.

In short, the baseline is an intelligence that, based on calculations, compares the values ​​of events every day.
Based on these calculations and storage of these data, it is created through a "baseline profile" and it is possible to extract an average/minimum/maximum/deviation, so that we can use the formula below and get the final result I expect. See an example:

1.05*STAT_AVG(COUNT(Matched Events):122)

All her parameters are easy to understand, except this number at the end "122".
Well, this 122 is the Baseline Profile ID. That's what I need to create.

I also did 2 training modules on the topic on Fortinet's own website, at NSE7 Advanced Analystics.
There they show what the Baseline is, how it does the calculations (concept) of MIN, MAX, AVG and DEVIATION of the baseline profile (ready examples).
But they don't show you how to create a baseline profile.

After all the above scenario, I bring my question: Is there any KB that can help me create this baseline profile?
Or someone knows the subject to help me?

Thank you!
1 REPLY 1
Richie_C
Staff
Staff

Hi

 

I found the following article useful when creating my own baseline reports.

 

https://community.fortinet.com/t5/FortiSIEM/Technical-Tip-How-Baseline-works-and-troubleshooting/ta-...

 

Best regards

Take a backup before making any changes
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors