Hi all, Does anyone know if there is a way to remove access to the
Super/Local account when creating a new user with limited access to
multiple organisations? We have tried with Role and limiting
Organization ID access but the Super/Local account is ...
Hi, Recently we received multiple logs from a FortiGate appliance that
are related to the "diag log test" command, like the one below:
date=2024-05-10 time=17:33:16 devname="firewall" devid="ID" eventtime=
tz="" logid="0419016384" type="utm" subtype="i...
Hi all, Just picking the brains of the community to see if someone has
found a better solution to the problem below: Problem: Receipt of a JSON
log which contains an array of critical information. Like the one
below. { "id": 909999, "cstName": "test1"...
Hi all, Just wanted to check with the community who is using version
7.1.x and what are your views on the new GUI and the impact on internal
process for SOCs and analyst time (Incident to Analysis to Closure).
FortiSIEM Thanks, Sotiris
Hi @Shaheer256 , Two options to consider here. If the network is truly
isolated and there is no way to get a connection, the best you can do is
upload the events to FortiSIEM manually: 1)
https://help.fortinet.com/fsiem/7-2-0/Online-Help/HTML5_Help/An...
Hi @AliMhaerFathy , On a functional level, unused events help you cover
sudden increases in EPS (i.e. during an attack devices tend to be more
verbose, a firewall can easily go from 400 EPS to 2,500 during an
attack). Also a second point is to give yo...
Hi @adem_netsys , Yes, if you do not want to monitor the system
performance, PH_DEV_MON can be excluded from collection and that will
lower your EPS count, or you can change the polling interval to make it
less aggressive, hence collecting less data. Th...
Hi @adem_netsys , Very difficult question to answer; it all depends on
your objectives and what the PAM platform is trying to protect. For
example, an organisation might want to keep all possible logs on a SIEM
to verify that there is no data manipula...
Hi @adem_netsys , Lockout duration is stored in ph_user table ->
lockout_duration of psql. I have not tried modification and am not sure if
any change will cause operational issues. Regards, S