Dear community, We are implementing new NVMe disks in our cluster and
currently discussing about the best redundancy methods. As these disks
are not meant to be managed by a hardware controller, we have multiple
disks (in fact 4), that can only be mo...
Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM:At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...
Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...
Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now.Now,
my question is: How can set a cust...
Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in future.As we are just setting
up the SIEM, I would like to build the environment in a way ...
Hi @thiago_inorpel, I am not sure if the empty line of "Used Parser"
means that the parser just did not correlate to the event, but from what
I see, the eventFormatRecognizer looks correct.Looking
at1\s+(?P\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z)...
Hi @anshulFlexis, I assume, you did check that there is no
object/credential/configuration linked to the collector anymore,
correct? Is this a collector of an organization you are taking offline?
Or is the org still online?Do you still have more coll...
Hi @beingarif, Your mentioned scenario should be possible.There is also
some documentation in the official guides on how to remove workers or
shards in case you run in trouble with recreating the one you like to
move, see:
https://help.fortinet.com/f...
Hi @gauravpawar, Unfortunately, I do not know any installation script
that can run on a bare machine.As every one of the releases is designed
for a specific platform, I would assume that just copying the raw data
from these images won't work well eit...
Hi @thiago_inorpel, Do you use ClickHouse? Do you have an all-in-one
deployment or Supervisor and Workers in a cluster? Can you search
through past events in Analytics or do you only (or don't) see events in
realtime Analytics view? As you stated, ev...
