I’m trying to build a custom rule in FortiSIEM with the following
logic: If a specific user (e.g., abc) deletes 3 accounts within 10
minutes, an incident should be triggered. However, if the same user
deletes another 3 accounts within the next 2 hours,...
Hi All, I want to create a watchlist with around 100 keyword
entries. Each entry contains wildcards (*). In the rule condition, I want
FortiSIEM to check whether an event attribute matches any of the
wildcard (regex) patterns from the entire watchlist. If a ...
We are planning a FortiSIEM ClickHouse deployment with an expected EPS
of 15,000, using the following architecture: 1 Supervisor Node (without
a dedicated data disk, i.e., no Disk 5), 1 Worker Node (with a data disk,
intended to store all event data) ...
Hi Team, could someone please guide me on whether we can add the FortiSIEM agent
while the Splunk agent is in the system? Do we need to add exceptions?
What to look for before adding agents? Is there any performance issue?
@Secusaurus @Anthony_E
Have a cluster setup of 3 supervisors with automated HA and 2 workers on
7.3.2. Followed the steps mentioned in the 7.4.0 upgrade as follows. To run
the cluster upgrade: Collectors can remain up and running. Workers will
be stopped via the cluster upgrade sc...
@FSM_FTNT I have one more question: Does the setup you suggested
function as an automated HA? According to the documentation, "automated
HA is supported for hardware appliances, ESX-based VMs, and AWS public
cloud." Or will it follow the Leader/Follo...