Dear community, We are implementing new NVMe disks in our cluster and
currently discussing the best redundancy methods. As these disks
are not meant to be managed by a hardware controller, we have multiple
disks (in fact 4), that can only be mo...
Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM: At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...
Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...
Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now. Now,
my question is: How can I set a cust...
Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in future. As we are just setting
up the SIEM, I would like to build the environment in a way ...
Hi @wvthoognl, We are also having issues with the correct deployment of
IPv6 with our ISP (Deutsche Telekom), but I think, we are one step ahead
of your setup. Please note that you posted your ISP-password above. In
case you can edit your post, you s...
Hi @adem_netsys, We experience different parsing of Windows Agent logs
in every version of the cluster and the agent. It seems like they
constantly change how the Agent sends and how the FSM parses the
received information. So, in our experience, make...
Hi @horasjey, For category-based filters, the box is querying FortiGuard
service which does require a license. If you only use custom filters, this
should work without license as well. But at least certificate inspection
is needed to let the according f...
Hi @adrifesa95, Note that the IP-address/FQDN you provide in the
installation is not the place where you define how the Agent
communicates. Do you have correct IPs in your Admin Settings (Cluster
Config)? If yes: Do you receive any kind of log/status b...
Hi @Himanshu735, Did you configure the cluster config correctly (admin
settings)? After registering, the Collector receives the IPs/FQDNs you
entered in that setup and uses these instead of what you provided in the
setup. If they are unset, it uses the...