Hi all, we have deployed three All-in-One supervisor nodes (S1, S2, S3)
configured in automated HA. FortiSIEM version 7.3.2. All nodes were
active and in good health initially. After about 20 days, one of the
follower nodes (S2) went down and remained...
I'm trying to build a custom rule in FortiSIEM with the following
logic: if a specific user (e.g., abc) deletes 3 accounts within 10
minutes, an incident should be triggered. However, if the same user
deletes another 3 accounts within the next 2 hours, ...
Hi all, I want to create a watchlist with around 100 keyword
entries. Each entry contains wildcards (*). In the rule condition, I want
FortiSIEM to check whether an event attribute matches any of the
wildcard (regex) patterns from the entire watchlist. If a ...
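The matching described above, an event attribute tested against every wildcard entry of a watchlist, comes down to translating each `*` glob into an anchored regex and combining the entries into one alternation. The block below is an added example for this page, not the poster's code and not FortiSIEM's rule syntax; the watchlist entries and the attribute values are constructed. It generalizes slightly by also reporting which entry matched, which is useful when triaging a hit.

```python
import re

# Constructed watchlist (sample entries, not a real FortiSIEM watchlist).
# '*' stands for any run of characters; everything else is literal.
WATCHLIST = [
    "*.evil-domain.example",
    "update-*.exe",
    "*powershell* -enc *",
    "svchost.exe",          # literal entry with no wildcard: exact match only
]


def wildcard_to_regex(entry):
    """Translate one '*' wildcard entry into a regex fragment.

    Every character except '*' is escaped, so '.', '(', '+' and friends in a
    watchlist entry stay literal instead of becoming regex metacharacters.
    """
    return "".join(".*" if ch == "*" else re.escape(ch) for ch in entry)


def compile_watchlist(entries):
    """Compile the whole watchlist into a single anchored, case-insensitive regex.

    Each entry becomes its own named group (e0, e1, ...) so a match can be
    traced back to the entry that produced it. Anchoring with \\A and \\Z
    means an entry without '*' must match the complete attribute value.
    """
    alts = [f"(?P<e{i}>{wildcard_to_regex(e)})" for i, e in enumerate(entries)]
    return re.compile(r"\A(?:" + "|".join(alts) + r")\Z", re.IGNORECASE | re.DOTALL)


def match_watchlist(value, entries):
    """Return the watchlist entry that matches `value`, or None if none does."""
    m = compile_watchlist(entries).fullmatch(value)
    if not m:
        return None
    for i, entry in enumerate(entries):
        if m.group(f"e{i}") is not None:
            return entry
    return None


if __name__ == "__main__":
    for attr in ["mail.EVIL-domain.example", "update-2024.exe",
                 "powershell.exe -nop -enc SQBFAFgA",
                 r"c:\windows\system32\svchost.exe", "mailXevil-domain.example"]:
        print(f"{attr!r:45} -> {match_watchlist(attr, WATCHLIST)}")
```

Two caveats the output makes visible: the literal entry `svchost.exe` does not match a full path because the pattern is anchored (it would need a leading `*`), and the escaped dot in `*.evil-domain.example` correctly rejects `mailXevil-domain.example`. In production, compile the watchlist once and reuse the compiled regex rather than recompiling per event.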
We are planning a FortiSIEM ClickHouse deployment with an expected EPS
of 15,000, using the following architecture: 1 Supervisor Node (without
a dedicated data disk, i.e., no Disk 5); 1 Worker Node (with a data disk,
intended to store all event data) ...
Hi team, could someone please guide me on whether we can add a FortiSIEM agent
while a Splunk agent is on the system? Do we need to add exceptions?
What should we look for before adding agents? Is there any performance issue?
@Secusaurus @Anthony_E