Dear community, Maybe anyone else already wrapped his/her head around this on
FortiSIEM: I am looking for an aggregation function in the
analytics/report generation that behaves like the SQL "concat" command,
meaning writing all the values of all rows into...
Dear community, We are using FortiAuthenticator as External
Authentication source for our FortiSIEM-users, providing us MFA. At the
moment, we followed the guide for External Authentication Settings and
set up this integration via RADIUS. It works fin...
Dear community, At the moment, we only have one public IPv4 address left
to put the FortiSIEM cluster behind. This has some implications: - We
cannot differentiate user traffic from collector traffic (which I would
like to use to limit the source IPs o...
Hi everyone, As the FortiSIEM case view is not fitted very well for our
(MSSP) team communication, knowledge base or even monitoring what's to
be done right now, we need to move on to our custom ticket system. I think
that not very many people really w...
Hi Dan, Yes, you are absolutely right, that is the table I'd prefer to
have. A MySQL-query would look like this:
SELECT GROUP_CONCAT(`Host Name`), `Vulnerability` FROM ...
Best, Christian
Hi @sioannou, Thanks for your thoughts! "This is not possible" is a
valid answer here - not satisfying, but valid ;) I agree that I could
wrap my head around watchlists or trying to generate Incidents that
eventually contain the information I was loo...
Ok, now, as promised, here is the step-by-step guide: On
FortiAuthenticator: Do the general setup of FAC, which includes defining
IP addresses, access ports, etc. Create user(s) that match exactly the
users you like to use on FortiSIEM. You can connect ...
Hi @sioannou, I've now started configuring the main options. I will list
them in a full setup here, once it works. I am currently stuck on
FortiSIEM explaining me "Invalid username or password or organization.
ErrorCode : 3001" I've created custom attrib...
Hi @sioannou, Thanks for your detailed answer! In fact, I would love to
have some kind of step by step guide for setting up both sides, just
like the Okta or AAD setup is in the docs. But I have to admit, I have
not done any SAML integration anywhere ...