Fortinet Community

cdurkin_FTNT · 12-15-2020

Syslog notification action script, to send a message to a 3rd party analytics tool on Incident generation/clear etc.

cdurkin_FTNT · 11-06-2020

How to import MISP data threat feeds in to FortiSIEMNote: requires "jq" to be installed on the Supervisor node. wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64chmod +x ./jqcp jq /usr/bin

cdurkin_FTNT · 05-26-2023

Correct .. I do not believe there is an API for adding to the Resources Tab -> Networks.

cdurkin_FTNT · 05-26-2023

Not sure I completely understand the question .... but if it is can ip ranges be defined, then yes .. single IP, IP-IP etc.. 192.168.2.10, 172.16.10.28, 192.168.0.10-192.168.0.404

cdurkin_FTNT · 05-26-2023

You could look into the API if you have knowledge of scripting https://docs.fortinet.com/document/fortisiem/6.7.5/integration-api-guide/435603/create-or-update-credentials

cdurkin_FTNT · 05-18-2023

Profile Number.. /opt/phoenix/data-definition/profile/ProfileReports.xml Source traffic profile ... Covered in NSE7 FortiSIEM Advanced Analytics Courseware

cdurkin_FTNT · 10-22-2022

Absolutely your method for these kinds of logs is correct...You would just create as many case statements as needed. In some cases you might set two or more cases to the same eventType as below.PasswordState-Login-SuccessPasswordState-Login-SuccessPa...

Fortinet Community

User Statistics

User Activity

HOWTO - Syslog Notification Action

HOWTO - Import MISP Data

Re: Import bulk list of IP addresses into Discovery

Re: Import bulk list of IP addresses into Discovery

Re: Import bulk list of IP addresses into Discovery

Re: STAT_STDDEV Function Explanation

RE: Passwordstate parser?

Re: Import bulk list of IP addresses into Discover...

Re: STAT_STDDEV Function Explanation

HOWTO - Import MISP Data

HOWTO - Syslog Notification Action

RE: Windows Log Parsing Issue

Re: STAT_STDDEV Function Explanation

Fortinet Training Institute

FortiSIEM