Hi, Recently we received multiple logs from a FortiGate appliance that
are related to the "diag log test" command like the one below
date=2024-05-10 time=17:33:16 devname="firewall" devid="ID" eventtime=
tz="" logid="0419016384" type="utm" subtype="i...
Hi all, Just picking the brains of the community to see if someone has
found a better solution to the problem below: Problem: Receipt of a JSON
log which contains an array of critical information. Like the one
below. { "id": 909999, "cstName": "test1"...
Hi all, Just wanted to check with the community who is using version
7.1.x and what are your views on the new GUI and the impact on internal
process for SOCs and analyst time (Incident to Analysis to Closure).
FortiSIEM Thanks, Sotiris
Hi all, Just checking if someone is aware of a method for debugging SIEM
rules when they trigger. We have been through the testing, replay logs
in a controlled environment and testing variations of the matching
conditions but in production we still s...
Hi all, Does anyone know if it is possible to import a SOAR connector
into a Code Snippet step for utilisation? An example of this would be
the import of "Utilities" step to perform API queries. Thanks, Sotiris
Hi @ebudi , It looked like the issue was with local caching on the
browser. We cleaned up the local browser cache and then created a new
Folder under FortiSIEM Analysts in CMDB and then added the users to that
folder. As per the guide
https://help.fo...
Hi @Bruce7x2 , Let me try to provide some answers: 1) You have not
created the appropriate account. Refer to your second question. You are
required to create the account and setup the Authorization header (Basic
"") in your POST request. 2) Yes the a...
Hi @mohamed44 , CMDB reports are purely for CMDB (devices under
monitoring), they do not contain any information on Incidents nor can
you create a report for Incidents under CMDB Reports. If you are looking
into developing a new Incident Report than ...
Hi @mohamed44 , When working with FortiSIEM time in searches or API
queries is in Epoch time. Have a look at the article
https://community.fortinet.com/t5/FortiSIEM/Technical-Tip-How-to-purge-events-for-an-organization-from-CLI/ta-p/214337
- Section ...