Fortinet Community

FSM_FTNT · 06-08-2022

Description This article describes how to use a custom Rules in FortiSIEM to raise alerts for incident response related to attacks that attempt to exploit the remote code execution vulnerability CVE-2022-26134. For more information, check the FortiGu...

FSM_FTNT · 06-06-2022

Description This article describes how to use a custom Rules in FortiSIEM to raise alerts for incident response related to attacks that attempt to leverage the Follina Microsoft Office remote code execution vulnerability. Scope The Rules and Reports ...

FSM_FTNT · 05-20-2022

Description This article describes how to use custom rules in FortiSIEM to raise alerts for incident response related to attacks that attempt to leverage the Spring Cloud Gateway Actuator Endpoint Remote Code Execution vulnerability. Reports are also...

FSM_FTNT · 04-19-2022

Description This article describes how to use custom rules in FortiSIEM to raise alerts for incident response related to attacks that attempt to leverage the Microsoft Driver RCE vulnerability - CVE-2022-26809. Reports are also included to analyze pa...

FSM_FTNT · 04-04-2022

Description This article describes how to use a custom event handler in FortiSIEM to raise incidents related to attacks that attempt to leverage the Spring4Shell Vulnerability. Scope The FortiSIEM Rules and Reports helps to detect attempts to send sp...

FSM_FTNT · 07-24-2020

Hi Sean, Active = Incident is active"Auto" Cleared = Automatically Cleared by a Rule with a clear condition set.Cleared Manually = User Cleared.Cleared by System = Performance and Availability related incidents are cleared every 24 hours. You can cha...

FSM_FTNT · 07-13-2020

You're probably best getting in touch with TAC to investigate. Your disk and network config looks ok. Did you define a proxy as well? Did the Super have internet access during the install? There may be an install log under /tmp or /opt/phoenix/log wh...

FSM_FTNT · 07-13-2020

Hi Sean, fsm-01 This should be the hostname of the Windows server rather than the FortiSIEM Super. Installation logs for the new Windows agent are stored in C:\ProgramData\AccelOps\Agent\Logs\. Logs are hidden files, change Windows Explorer settings ...

FSM_FTNT · 07-13-2020

Hi, What are you using as the event DB? Did you install using the /opt/vmware/share/vami/vami_config_net script? Did you set a proxy?Can you provide output of these commands fdisk -lifconfig Any errors in /opt/glassfish/domains/domain1/logs/phoenix.l...

FSM_FTNT · 06-18-2020

Hi Mark, Have you got a sample that you can send me? Thanks

Fortinet Community

User Statistics

User Activity

Technical Tip: Using FortiSIEM to detect Confluence RCE | CVE-2022-26134

Technical Tip: Using FortiSIEM to detect Follina Microsoft Office RCE vulnerability | CVE-2022-30190

Technical Tip: Using FortiSIEM to detect Sysrv-K_Botnet Vulnerability | CVE-2022-22947.

Technical Tip: Using FortiSIEM to detect the Microsoft Windows RPC RCE vulnerability | CVE-2022-26809

Technical Tip: Using FortiSIEM to detect Spring4Shell Vulnerability | CVE-2022-22965

Re: Fortisiem Status Definitions

Re: Fortisiem browsing issue

Re: FortiSiem Agent windows

Re: Fortisiem browsing issue

Re: Import Address Ranges from FortiGate to FortiSIEM Networks.

News & Articles

Security Research

Company

Contact Us