From what I could study and verify, in order to create the rule based on an average and extract the %, we first need to have created within FortiSIEM what is known as a “Baseline Profile”.
In short, the baseline is an intelligence that, based on calculations, compares the values of events every day.
Based on these calculations and storage of these data, it is created through a "baseline profile" and it is possible to extract an average/minimum/maximum/deviation, so that we can use the formula below and get the final result I expect. See an example:
All its parameters are easy to understand, except this number at the end "122".
Well, this 122 is the Baseline Profile ID. That's what I need to create.
I also did 2 training modules on the topic on Fortinet's own website, at NSE7 Advanced Analytics.
There they show what the Baseline is, how it does the calculations (concept) of MIN, MAX, AVG and DEVIATION of the baseline profile (ready examples).
But they don't show you how to create a baseline profile.
Given the scenario above, here is my question: Is there any KB that can help me create this baseline profile?
Or does someone know the subject and can help me?