From what I could study and verify, in order to perform the creation of the rule based on an average and extract the %, we need before that to have created within FortiSIEM what is known as “Baseline Profile”.
In short, the baseline is an intelligence that, based on calculations, compares the values of events every day.
Based on these calculations and storage of these data, it is created through a "baseline profile" and it is possible to extract an average/minimum/maximum/deviation, so that we can use the formula below and get the final result I expect. See an example:
1.05*STAT_AVG(COUNT(Matched Events):122)
All her parameters are easy to understand, except this number at the end "122".
Well, this 122 is the Baseline Profile ID. That's what I need to create.
I also did 2 training modules on the topic on Fortinet's own website, at NSE7 Advanced Analystics.
There they show what the Baseline is, how it does the calculations (concept) of MIN, MAX, AVG and DEVIATION of the baseline profile (ready examples).
But they don't show you how to create a baseline profile.
After all the above scenario, I bring my question: Is there any KB that can help me create this baseline profile?
Or someone knows the subject to help me?
Thank you!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
I found the following article useful when creating my own baseline reports.
Best regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.