Dear community, We are implementing new NVMe disks in our cluster and
currently discussing the best redundancy methods. As these disks
are not meant to be managed by a hardware controller, we have multiple
disks (in fact 4), that can only be mo...
Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM: At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...
Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...
Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now. Now,
my question is: How can I set a cust...
Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in the future. As we are just setting
up the SIEM, I would like to build the environment in a way ...
Hi @shaheerkhalid256, could you just confirm:
- 10.10.1.11 is your supervisor's IP and is within reach of this collector
- The password either really is `password` or your command contains the correct one
- All of your 10 collectors are for the same organizat...
Hi @insiders, Update to my last post: When doing an IPv6 packet capture,
you can see in the DHCPv6 information the length of the prefixes the ISP
distributes. You then need to define the exact same length (line: set
prefix-hint ::/56) on the FG. Thi...
Hi @lithichok, We are an MSSP as well, and run it quite the same way as
Alex describes it. It scales perfectly, but you must prepare for scaling
before starting to implement the system (just like any other system as
well). But you can start and integrat...
Hi everyone, Just as a note: At the moment, a workaround is the only
option. The database query using watchlists only understands "is it in
the list?", which means a 100% match. You could, however, have a look at
the Advanced Queries (from 7.3 onward...