Fortinet Community

FSM_FTNT · 12-06-2022

Description This article describes how the Rules and Reports the FortiSIEM Content Update service provides access to in order to detect potential incidents or compromises. Scope This article applies to FortiSIEM. The Rules and Reports provided with t...

FSM_FTNT · 11-01-2022

Description This article describes how to use custom Rules in FortiSIEM to perform an incident response to attacks that attempt to leverage the Apache Commons Text Interpolation Remote Code Execution vulnerability. A report is also provided to gain h...

FSM_FTNT · 11-01-2022

Description This article describes how to use custom Rules in FortiSIEM to perform an incident response to attacks that attempt to leverage the Apache Commons Text Interpolation Remote Code Execution vulnerability. A report is also provided to gain h...

FSM_FTNT · 10-06-2022

Description This article describes how to use custom Rules in FortiSIEM to identify incidents related to attacks that attempt to leverage the Microsoft Exchange ProxyNotShell vulnerabilities. A report is also provided to gain historical visibility in...

FSM_FTNT · 09-26-2022

Description This article describes how to use custom Rules in FortiSIEM to raise incident response related to attacks that attempt to leverage the WordPress WPGateway Plugin vulnerability. A report is also provided to gain historical visibility into ...

FSM_FTNT · 09-21-2022

It is not currently possible to limit by on a group.------------------------------DanielFortiSIEM Product Manager-------------------------------------------------------------------------Original Message:Sent: Sep 20, 2022 08:26 AMFrom: E VSubject: Fo...

FSM_FTNT · 09-16-2022

What if you added a group by on the Event Receive Date? Does that help?------------------------------DanielFortiSIEM Product Manager-------------------------------------------------------------------------Original Message:Sent: Sep 15, 2022 09:26 PMF...

FSM_FTNT · 07-28-2022

Hi Manuel,With ClickHouse the storage is virtual disks attached to the Super or Worker VM, as you mention you can still use NFS as an archive destination and that will utilise the FortiSIEM eventDB.ThanksDan------------------------------DanielFortiSI...

FSM_FTNT · 06-27-2022

Hi IvanWindows OMI integration should continue to work.We introduced OMI support in FortiSIEM from version 6.3.3 https://docs.fortinet.com/document/fortisiem/6.3.3/release-notes/749147/whats-new-in-6-3-3 and details can be found here https://docs.for...

FSM_FTNT · 03-01-2022

Hi Moh,SNMP is only for Discovery and Performance monitoring.You'll also need to discover with WMI/OMI or use the Windows Agent if you want to get the logs in https://docs.fortinet.com/document/fortisiem/6.4.0/external-systems-configuration-guide/421...

Fortinet Community

User Statistics

User Activity

Technical Tip: Using FortiSIEM Content Updates to detect activities identified by FortiGuard Outbreaks service

Technical Tip: Using FortiSIEM to detect activities related to the Prestige Ransomware

Technical Tip: Using FortiSIEM to detect Apache Commons Text Interpolation Remote Code Execution | CVE-2022-42889

Technical Tip: Using FortiSIEM to detect Microsoft Exchange ProxyNotShell Vulnerabilities

Technical Tip: Using FortiSIEM to detect the WordPress WPGateway Plugin Vulnerability | CVE-2022-3180

RE: FortiSEIM round values

RE: FortiSEIM round values

RE: FortiSIEM 6.6.0 Released

RE: WMI Problem CVE-2022-30190

RE: SNMP

FortiSIEM Reference Architecture

FortiSIEM Incidnet Dashboard

FortiSIEM UEBA - Widget Dashboards

RE: FortiSIEM Custom Parser

1

RE: FortiSIEM - Log4j - Mitigating CVE-2021-44228

RE: Analytics using two different log sources

RE: Analyzing Custom Fles

RE: FortiSIEM - Custom Definitions

RE: FortiSIEM Custom Parser

Fortinet Training Institute

Broad. Integrated. Automated.

Security Research

Company

News & Articles

Contact Us