Dear community, We are implementing new NVMe disks in our cluster and
currently discussing about the best redundancy methods. As these disks
are not meant to be managed by a hardware controller, we have multiple
disks (in fact 4), that can only be mo...
Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM:At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...
Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...
Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now.Now,
my question is: How can set a cust...
Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in future.As we are just setting
up the SIEM, I would like to build the environment in a way ...
Hello @Levi_Li, We are MSSP and managing multiple customers with our
supervisor being on the other side of the internet. So yes, this is a
very common setup. Note, that in a PoC, an SE should probably be the
right person to speak to for deeper questi...
Hello @Ireda1, Unless you are using log filtering on the FSM, these
events should be there. Every event you can see in the FortiGate log is
forwarded via syslog to the SIEM (or using the hop through the
FortiAnalyzer). Have a look at the parameters i...
Hi @KarlH, The output you have here is the one to expect right after
uploading and should change after a few minutes to 100 or disappear
completely (as it is the image prep task you see here). As far as I
understand, it is recommended to do every upd...
Hello @KarlH, I think there is some knowledge missing concerning the
database types.As you can see in the screenshot, FSM supports different
kinds of databases. EventDB (local, or on NFS), ClickHouse and
Elasticsearch.This database will be used for a...
