Re: New User - Getting Hammered by False Positives

sioannou · 10-10-2024

Hi all, Has anyone integrated Cisco EDR and Cisco Secure Cloud Analytics to FortiSIEM, this is for log collection. Thanks, S

sioannou · 08-06-2024

Hi all, Does anyone know if there is a way to remove access to the Super/Local account when creating a new user with limited access to multiple organisations. We have tried with Role and limiting Organization ID access but the Super/Local account is ...

sioannou · 05-13-2024

Hi, Recently we received multiple logs from a FortiGate appliance that are related to the "diag log test" command like the one below date=2024-05-10 time=17:33:16 devname="firewall" devid="ID" eventtime= tz="" logid="0419016384" type="utm" subtype="i...

sioannou · 04-10-2024

Hi all, Just picking the brains of the community to see if someone has found a better solution to the problem below: Problem: Receipt of a JSON log which contains an array of critical information. Like the one below.{ "id": 909999, "cstName": "test1"...

sioannou · 02-28-2024

Hi all, Just wanted to check with the community who is using version 7.1.x and what are your views on the new GUI and the impact on internal process for SOCs and analyst time (Incident to Analysis to Closure). FortiSIEM Thanks, Sotiris

sioannou · 08-22-2024

Hi @Shaheer256 , Two options to consider here, if the network is truly isolated and there is no way to get a connection the best you can do is upload the events to FortiSIEM manually, 1) https://help.fortinet.com/fsiem/7-2-0/Online-Help/HTML5_Help/An...

sioannou · 08-22-2024

Hi @AliMhaerFathy , On a functional level, unused events help you cover sudden increases in EPS (i.e. during an attack devices tend to be more verbose, a firewall can easily go from 400EPS to 2,500 during an attack). Also a second point is to give yo...

sioannou · 08-12-2024

Hi @adem_netsys , Yes if you do not want to monitor the system performance PH_DEV_MON can be excluded from collection and that will lower your EPS count or you can change the polling interval to make it less aggressive, hence collecting less data. Th...

sioannou · 08-06-2024

Hi @adem_netsys , Very difficult question to answer, it all depends on your objectives and what the PAM platform is trying to protect. For example an organisation might want to keep all possible logs on a SIEM to verify that there is no data manipula...

Re: User Timeout · 07-31-2024

Hi @adem_netsys , Lockout duration is stored in ph_user table -> lockout_duration of psql. I have not tried modification and not sure if any change will cause operational issues. Regards,S

User Statistics

User Activity

Cisco EDR and NDR Integration with SIEM

Role Management - User access to multiple organisations

FortiGate diag log test question

JSON Log Parsing

New FortiSIEM Interface Version 7.1.x

Re: Fortisem- Nozomi Guardian Integration

Re: License and Unused Events

Re: Performance Monitoring Log

Re: Performance Monitoring Log

Re: User Timeout

Re: New User - Getting Hammered by False Positives

Re: Your experience with Baseline-Rules?

Re: Default Enabled Parsers

Re: FortiSIEM: Moving database to another instance

Re: FortiAuthenticator SAML for FortiSIEM

Re: New User - Getting Hammered by False Positives

Re: Would like to know the process to shutdown and...

Re: FortiSIEM alerts classification

Re: [FortiSIEM]Process of Log Capture and Rule Cre...

Re: Default Enabled Parsers

FortiSIEM

FortiSOAR