Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Rule Issue
Hello guys,
We have one default rule and when I run it, I can see the audit logs run, but it does not fall as an incident. What could be the reason for this?
Labels:
- Labels:
-
FortiSIEM
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @adem_netsys ,
It should generate an incident based on your Action.. Can you check if you have the correct time range filter in the incident dashboard?
Abdel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Yes, i have correct time range but i couldnt understand why. I have not found this error in a different version.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @adem_netsys ,
Do you have at least some incidents generated by default rules? What is FSM version?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In 7.0.2 environment we get this problem. In the latest version the same rule successfully generates the incident.