Hello,

We are trying to adjust the threshold for the Fortigate DOS IPv4
L4 anomalies rule because it triggers too many incidents on our
FortiSIEM. The issue is that it is hard to know how far the threshold
(5000 pps in our case) is overtaken. The raw lo...
I did a ticket #10493399 and the answer was (partially) in this doc:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Information-about-Count-field-in-anomaly-log/ta-p/196685

To summarize:
- the FTG L4 anomalies measures fps every 60s (and then...