Tuning for the following built-in system rule(s): End User DNS Queries
to Unauthorized DNS Servers(s) Outbound Traffic to Unapproved Public DNS
Servers
The FortiSIEM has many built-in rules to start detecting and
alerting on events of interest. Unfortu...

Hello, I have been looking for a way to manually delete logs in FortiSIEM
but cannot find one. Does anyone know the recommended way to do so? We have
NFS as back end for one deployment and Hardware all in one for another
FortiSIEM deployment, both separa...

We have found an issue with parsing of nginx logs. The built-in parser
labeled NginxParser has a hard-coded parameter for GMT time that only
uses a + value; this will in reality not parse half of the world's nginx
logs that may use a negative (-) value....

Hello, I think this article will help you get started,
cheers.
https://docs.fortinet.com/document/fortisiem/6.1.2/external-systems-configuration-guide/857873/microsoft-windows-defender-atp
Regards; Alex

Hello Ken, Thank you for your reply. We use the retention policy for each
SIEM tenant, but I was wondering if there is a recommended way to delete
specific logs or event types from a device from a specific tenant on NFS
or hardware FortiSIEM deploymen...

Hello Daniel, Thank you for your reply. I have engaged a support ticket to
share the logs in question and discuss an update to the parser for the next
release. Regards; Alex