Dear community, We are implementing new NVMe disks in our cluster and
currently discussing the best redundancy methods. As these disks
are not meant to be managed by a hardware controller, we have multiple
disks (in fact 4), that can only be mo...

Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM: At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...

Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...

Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now. Now,
my question is: How can set a cust...

Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in future. As we are just setting
up the SIEM, I would like to build the environment in a way ...

Hi @KT06, Have a look at the documentation:
https://docs.fortinet.com/document/fortisiem/7.4.2/user-guide/505465/scheduling-reports If
there's still something unclear to you, feel free to ask! For mail
notifications: The "Server Account ID" is the use...

Hi @mistan, FSM on a local deployment needs ca. 16-64 CPUs and 64-128 GB
RAM. Even if there would be a free license, the sheer amount of Azure
Resources you'd consume here, would cost a vast amount of money. If you
like to get some insights, you coul...

Yes, for any log you receive in Analytics (historical, not live), you
should see a matching CMDB entry which is matched against the IP-address
you find as "Reporting IP" in your logs. If this is not the case, you
could configure it manually. But since...

Hi @beingarif, I'll try to answer that, although it's more on the
Hypervisor-side than on FSM. In a usual deployment, the backup concept
of Events would be to have multiple workers on the same Shard (=
Replicas) which do have the identical data and j...

Hi @adem_netsys, If you are on a multi-tenant deployment, I am sure you
made sure you selected the correct organization, correct? ;) When
receiving logs from a device, a new CMDB entry only pops up if this IP
(seen from the Collector which receives t...