Hi guys, I'm stuck with something. Once I enabled SOAR MEA on FAZ 7.4.4,
because "execute shell is no longer supported", I can't get into the
CLI to install some connectors. I'd appreciate a tip. Regards.

Hello Community. Please give me a tip on how to create lists (like
words, emails, names, etc.) for later use. Case scenario: using the
filter "Mail Sender" --> IN --> (select the list of emails from the cmdb)
Regards.

Hello Community. I'm trying to run some newly created playbooks with
Manual Trigger using the csadmin user, then I want to run them on ingested
alerts from SIEM or escalated alerts (incidents) using the Execute
option at the bottom of each record, but I ca...

Hello Community, I'm trying to create a rule in FortiSIEM to detect
successful ssl-vpn connections without token. The logs that I get from
Syslog are:
FortiGate-event-two-f-auth-code-sendto
FortiGate-ssl-vpn-user-tunnel-up
FortiGate-event-auth-logon
Wha...

Hello FortiSIEM Community, I have this little doubt about two workers
that are members of one shard (2 replicas). When I run "df -h" the
output on each one is this:
Shard 1 - Worker1
/dev/sdd 2.0T 16G 2.0T 1% /data-clickhouse-hot-1
/dev/sde 4.0T 29G...

Hi @adem_netsys use this command to analyze different paths:
du -sh /* 2>/dev/null | sort -h
Then if you see a directory with huge storage then use the command
again with the new path, like this:
du -sh /new_path/* 2>/dev/null | sort -h
This will lead...

Hello @Hugues1 and @adem_netsys greetings. Until now, I keep deleting
those *M files, and the FSIEM works perfectly. I don't know if this will
cause problems in the future. Also, I noted that the version of
FortiSIEM was causing many crashes that were ...

Hi @adem_netsys I deleted all files inside /opt/phoenix/cache with the
prefix _M* and also found that some kernel crashes were saved on /crash
directory /var. I think this problem was solved because there are no more
disk space alerts. Regards.

Hello @Secusaurus thank you for the reply. 1. The event logs are not
followed on FSIEM, each FortiGate uses syslog to send a lot so they
arrive between ips, generic, ipsec .... 2. I'm not using FAC for MFA, I'm
just using the local users on FortiGate wi...