Hi all, Has anyone integrated MS Sentinel with FortiSIEM for
ingestion? We are talking FortiSIEM ingesting data from the Microsoft
Sentinel API. Thanks, S

Hi all, Does anyone know if there is a way to remove access to the
Super/Local account when creating a new user with limited access to
multiple organisations. We have tried with Role and limiting
Organization ID access but the Super/Local account is ...

Hi, Recently we received multiple logs from a FortiGate appliance that
are related to the "diag log test" command like the one below
date=2024-05-10 time=17:33:16 devname="firewall" devid="ID" eventtime=
tz="" logid="0419016384" type="utm" subtype="i...

Hi all, Just picking the brains of the community to see if someone has
found a better solution to the problem below: Problem: Receipt of a JSON
log which contains an array of critical information. Like the one
below. { "id": 909999, "cstName": "test1"...

@adem_netsys , Not sure if there is an official guide on this; there is
an article on the rule performance and best practices guide. (Good
practices and How to troubleshoot ru... - Fortinet Community) In reality
is very difficult to gauge this kind of...

Hi @Shaheer256 , Two options to consider here, if the network is truly
isolated and there is no way to get a connection the best you can do is
upload the events to FortiSIEM manually, 1)
https://help.fortinet.com/fsiem/7-2-0/Online-Help/HTML5_Help/An...

Hi @AliMhaerFathy , On a functional level, unused events help you cover
sudden increases in EPS (i.e. during an attack devices tend to be more
verbose, a firewall can easily go from 400EPS to 2,500 during an
attack). Also a second point is to give yo...

Hi @adem_netsys , Yes if you do not want to monitor the system
performance PH_DEV_MON can be excluded from collection and that will
lower your EPS count or you can change the polling interval to make it
less aggressive, hence collecting less data. Th...