Hello Community. Please give some tip on how to create lists like
(words, emails, names, etc) for later use. case scenario: using the
filter "Mail Sender" --> IN --> (select from cmdb the list emails)
Regards.
Hello Community. I'm trying to run some newly created playbooks with
Manual Trigger using csadmin user, then I want to run it on ingested
alerts from SIEM or escalated alerts (incidents) using the Execute
option at the bottom of each record, but I ca...
Hello Community I'm trying to create a rule in FortiSIEM to detect
successful ssl-vpn connections without token, the logs that I get from
Syslog are:
FortiGate-event-two-f-auth-code-sendtoFortiGate-ssl-vpn-user-tunnel-upFortiGate-event-auth-logon
Wha...
Hello FortiSIEM Community I have this little doubt about two workers
that are members from one shard (2 replicas), when I run "df -h" the
output on each one is this: Shard 1 - Worker1 /dev/sdd 2.0T 16G 2.0T 1%
/data-clickhouse-hot-1 /dev/sde 4.0T 29G...
Hello Please anyone has experience with this log, that seems that Worker
is denying logs from Collector. (This is a Clickhouse environment with
one Worker and one Supervisor) [root@shard1 ~]# tail -f
/etc/httpd/logs/ssl_access_log ip_collec- 10001 [1...
Hello @Secusaurus thank you for reply. 1. The events logs are not
followed on FSIEM, each fortigate uses syslogs to sends a lot so they
arrive between ips, generic, ipsec .... 2. I'm not using FAC for MFA, I
just using the local users on Fortigate wi...
Hi @AEK this is the output [root@replica1 ~]# du -sh
/data-clickhouse-hot-1/clickhouse/store/* 364M
/data-clickhouse-hot-1/clickhouse/store/036 0
/data-clickhouse-hot-1/clickhouse/store/1e0 0
/data-clickhouse-hot-1/clickhouse/store/26d 4.0K
/data-cli...
Hello @AEK this is the output: [root@replica1]# du -sh
/data-clickhouse-hot-1/clickhouse/* 20K
/data-clickhouse-hot-1/clickhouse/access 0
/data-clickhouse-hot-1/clickhouse/data 0
/data-clickhouse-hot-1/clickhouse/dictionaries_lib 0
/data-clickhouse-h...
