Hello community, I am new to FortiSIEM. I want to build a rule to detect
new devices in my network. I had the idea to create like a list
containing MAC addresses and a rule to check each time if a MAC is in
that list; if not, it will trigger an inciden...

Hello again, I found a workaround to implement this using just the SIEM.
Here is what I did: First, I performed a search and grouped all MAC
addresses found in the SIEM over the last 7 days. I sanitized the list
and added it to the SIEM as a watch list ...
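
The baseline-then-watch-list approach described in the post above, sketched offline as an added example (not part of the original post and not FortiSIEM code). It shows why the sanitizing step matters: the same device logged in different MAC notations must normalize to one watch-list entry, or every format mismatch raises a false "new device" incident. All function names, the choice to drop broadcast/multicast addresses, and the sample data are assumptions made for illustration.

```python
import re

HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return the MAC as lower-case aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = re.sub(r"[:.\-\s]", "", raw.strip().lower())
    if not HEX12.match(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_unicast_device(mac):
    """Sanitizing step (assumed): drop all-zero, broadcast and multicast addresses."""
    first_octet = int(mac[:2], 16)
    return mac != "00:00:00:00:00:00" and not (first_octet & 0x01)

def build_watchlist(baseline_values):
    """Group the baseline window's MAC values into a deduplicated set."""
    macs = (normalize_mac(v) for v in baseline_values)
    return {m for m in macs if m and is_unicast_device(m)}

def find_new_devices(watchlist, events):
    """Return (mac, source) for the first sighting of each MAC not in the watch list."""
    seen, hits = set(), []
    for raw, source in events:
        mac = normalize_mac(raw)
        if mac and is_unicast_device(mac) and mac not in watchlist and mac not in seen:
            seen.add(mac)  # report each unknown device once, not per event
            hits.append((mac, source))
    return hits

# Constructed sample data, standing in for the 7-day search result.
BASELINE = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5e", "00-1A-2B-AA-BB-CC",
            "FF:FF:FF:FF:FF:FF", "01:00:5E:00:00:FB", "n/a"]
# Constructed live events: (MAC as logged, reporting source).
EVENTS = [("00-1a-2b-3c-4d-5e", "dhcp"), ("3C:52:82:11:22:33", "dhcp"),
          ("3c52.8211.2233", "switch"), ("ff:ff:ff:ff:ff:ff", "switch")]

if __name__ == "__main__":
    watchlist = build_watchlist(BASELINE)
    for mac, source in find_new_devices(watchlist, EVENTS):
        print(f"new device {mac} first seen via {source}")
```
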