Dear community, We are implementing new NVMe disks in our cluster and
currently discussing the best redundancy methods. As these disks
are not meant to be managed by a hardware controller, we have multiple
disks (in fact 4), that can only be mo...
Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM: At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...
Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...
Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now. Now,
my question is: How can set a cust...
Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in future. As we are just setting
up the SIEM, I would like to build the environment in a way ...
Hi all, Just as a dirty workaround: As the session timeout with
different browser windows should be fixed in v7.2: On our big screens,
the session is kept alive if a dashboard is opened in any browser tab
;) The timeout will then only happen at midnig...
There are some specific debug modes, depending on which logs to look at.
The main (phoenix) would go this way: # Configure debug mode (in that
case, we edit per shell, but you could edit this in the xml by
yourself): cp /opt/phoenix/config/log4j2.xml
...
Hi @adem_netsys, Sounds like you tried to configure an Automation Policy
or a given webhook integration from Xsoar? This one only fetches the
incidents' XML including the 10 most recent events, not all of them. If
you like to get all the events, th...
Hi @simrankarki, I assume, you've got a paid subscription (in the demo,
the number of actions are limited). Which guide did you follow? Has the
ingestion been successful and you configured it to run automatically?
Best, Christian
Hi Rob, The last time I was involved in this issue, we changed the
localhost-files, instead of changing the apache config. Overwriting the
apache file was in version 6.something, so we switched over to replacing
the localhost-files after every update...