Hi, I would like to understand how the "Sudden User Location Change"
alert works, since sometimes I see that only 1 event generates the alert,
and when making a query with the "PH_USER_MON_SUDDEN_LOC_CHANGE" no
information is obtained.

Hi, I am trying to create an IPv6 address range in the FortiSIEM CMDB to
query using the "in" operator and the IPv6 address range created in the
CMDB in the search filters, but this is not working. The FortiSIEM
version is 7.0.1.0038, how can I do it...

Hi, I would like to understand the FortiSIEM rule "No logs from a
device", which I think is when a device stops sending logs for 10
minutes. I have many alerts and I want to increase the time from 10
minutes to 1 hour. How can I do it?

I understand the logic with which the rule works, but according to what
I have analyzed this does not really work. Sometimes a single source IP
address generates the "Sudden User Location Change" alert, and the events do
not show a geolocation change. I t...