Hello, I am a monitoring analyst, and I have access to FAZ1000F v7.6.3.
When I go to “Incidents & Events,” I find a large number of incidents,
but when I take the source IP of these events and go to “Log View,” I
find that the event was blocked by th...
Hi, I'm new here. I have the SIEM analyst role and I have read-only access
to the FortiAnalyzer. I have to monitor all the events that it detects as
incidents. This FortiAnalyzer manages more than 10 firewalls and I only
want to get the events that are m...
Hello everyone, I apologize because I am using the translator to request
help. I clarify that I do not have knowledge in Fortinet nor am I an
administrator of one of these devices, I am an administrator of a SIEM
and I am currently receiving the UTM t...
Hello, it was just this that I needed. I already asked the administrator
to apply this configuration. config system log-forward edit 1 set mode
forwarding set fwd-max-delay realtime set server-name
"Logs_To_Vision_One" set server-addr "192.168.1.1" se...
Hello, thank you very much for taking the time to answer my
question. Yes, the SIEM has a command called iplocation that allows this
data to be retrieved, but in this specific case I need it to arrive in
the log from the source.