Hello Hi Community, please I want to know if anyone has integrated MISP
feeds to FortiGate (I already have feeds for IP and URL from other
sources). How can I consume these IOCs from MISP events? Thank you!
Regards.

Hi guys, I'm stuck with something. Once SOAR MEA is enabled on FAZ 7.4.4,
because "execute shell is no longer supported", I can't get into the
CLI to install some connectors. I would appreciate any tips. Regards.

Hello Community. Please give some tips on how to create lists (like
words, emails, names, etc.) for later use. Case scenario: using the
filter "Mail Sender" --> IN --> (select from cmdb the list emails)
Regards.

Hello Community. I'm trying to run some newly created playbooks with
Manual Trigger using csadmin user, then I want to run it on ingested
alerts from SIEM or escalated alerts (incidents) using the Execute
option at the bottom of each record, but I ca...

Hello Community, I'm trying to create a rule in FortiSIEM to detect
successful ssl-vpn connections without token. The logs that I get from
Syslog are:
FortiGate-event-two-f-auth-code-sendto
FortiGate-ssl-vpn-user-tunnel-up
FortiGate-event-auth-logon
Wha...

Hi @adem_netsys use this command to analyze different paths:
    du -sh /* 2>/dev/null | sort -h
Then if you see a directory with huge storage, use the command again
with the new path, like this:
    du -sh /new_path/* 2>/dev/null | sort -h
This will lead...

Hello @Hugues1 and @adem_netsys greetings. Until now, I keep deleting
those *M files, and the FSIEM works perfectly. I don't know if this will
cause problems in the future. Also, I noted that the version of
FortiSIEM was causing many crashes that were ...

Hi @adem_netsys I deleted all files inside /opt/phoenix/cache with the
prefix _M* and also found that some kernel crashes were saved on /crash
directory /var. I think this problem was solved because there are no more
disk space alerts. Regards.

Hello @Secusaurus thank you for the reply. 1. The event logs are not
followed on FSIEM, each FortiGate uses syslog to send a lot so they
arrive between ips, generic, ipsec .... 2. I'm not using FAC for MFA, I'm
just using the local users on FortiGate wi...