Re: FortiSIEM: Find out triggering device for "PH_...

premchanderr · 03-15-2024

Description This article describes how to troubleshoot the 'Connection Refused' error in FortiSIEM GUI > Analytics search Scope FortiSIEM v6.x+. Solution When running a search in analytics it immediately fails with a 'Connection Refused' error even f...

premchanderr · 01-17-2024

Description This article describes how to resolve the Collector Clock Skew alert in FortiSIEM GUI. Scope FortiSIEM v7.0 Solution Collector Clock Skew error is received when collector time is not in sync with Super. Make sure that Collector and Super ...

premchanderr · 11-29-2023

Description This document describes why few IP Addresses are included/excluded in the Fortiguard Threatfeed List. Scope FortiSiem v6.x+. Solution To confirm the legitimacy of an IP address or a list, you need to validate in https://ioc.fortiguard.com...

premchanderr · 11-14-2023

Description This article describes how to acquire a system health assessment of all FortiSIEM nodes. Scope FortiSIEM v6.x+. Solution SSH via root and run the below command to get the health report of all FortiSIEM nodes - supervisor, collector, and w...

premchanderr · 03-19-2024

Hi @Jesisidabuliu , You would need to shutdown the worker, from worker CLI and then begin super upgrade. SSH to worker: # phtools --stop ALL # shutdown -h now

premchanderr · 03-18-2024

Hi, Yes you can use phtools command as well. The worker or any FSM node would be automatically rebooted after upgrade completes. For anytime you want to reboot a Fortisiem Node, you can use below command:# phxctl reboot

premchanderr · 03-18-2024

Hi @Bruce7x2 , If it was syslog then could have exported the parser and used in earlier version. But since its via API and involves Test Connectivity, you would need to upgrade to version that supports this.

premchanderr · 03-18-2024

Hi Siang, Unfortunately its not possible to discover without DB username and password. All suggested methods are listed in external systems configuration guide Documentation: https://docs.fortinet.com/document/fortisiem/7.0.3/external-systems-configu...

premchanderr · 03-18-2024

Hi @yadde , To reduce false positives you can perform the below: - Create a watchlist and add that in rule exceptions. Like the rule not to be triggered for certain IPs or users. Documentation :https://help.fortinet.com/fsiem/7-1-4/Online-Help/HTML5_...

User Statistics

User Activity

Technical Tip: The 'Connection Refused' error in FortiSIEM GUI

Technical Tip: Collector Clock Skew Alert on FortiSIEM GUI

Technical Tip: IP Address Validation of FortiSIEM FortiGuard ThreatFeed Update

Technical Tip: Comprehensive Health Assessment for the FortiSIEM cluster

Re: Upgrade 6.7.5 to 7

Re: Upgrade 6.7.5 to 7

Re: Does FortiSEM support VisionOne and is an update required for support?

Re: FortiSIEM - MySQL database discover via JDBC

Re: Fortisiem question

Re: FortiSIEM: Find out triggering device for "PH_...

Technical Tip: Comprehensive Health Assessment for...

Re: Devices status

Re: FortiSiem - AIX server regstration

Re: Maximum message length for FortiSiem

Re: phAnomalyWorker & phAnomalyMaster services DOW...

Re: Configuring SSH on FortiSIEM to communicate wi...

Re: Analytic : Availability Incidents "No logs fro...

Re: Fortisiem Windows Agent

Re: [Analytic Search] - average Inbound / Outbond ...

FortiSIEM

KCS