Hi guys, In FortiSIEM, I want to get notifications about disc usage when
it becomes critical, but when I run the rules here, I get empty output,
what is the reason for this? What is the critical level, 80 or 90, I did
not see this value in custom pro...

Hi, There are 2 hot tier and one warm tier in our environment. I don't
know if you have used it this way before, but we know that when there
are two tiers, the average of this is looked at, and the tier sizes here
are 5T in one and 3T in the other. H...

Hi guys, We have a Forcepoint product that we use in the cloud
environment, we want to transfer the logs here to FortiSIEM inside, for
this we have imported the logs with the API, but we cannot parse them
because they come in nested structure, we ca...

Although there is no login or incorrect attempt, the Brute Force Rule is
triggered and therefore the incident occurs, we encounter this
situation. We were told that we can remove Window Credentials, but is
there any other way? Thanks in advance

Hi guys, First of all, I have two questions. Firstly, if the ip of the
source I send logs to with syslog and win agent changes, do I
automatically see it on FortiSIEM or do I recognise it as a new machine?
Secondly, can I change the DNS of the log I ...

It's correct. FortiSIEM cannot open the data in the incoming log,
although we specified it as data in the API request, we could not get
it. Is there any other method to get it?

Hi @Secusaurus Since the event log data is in nested form unfortunately
FortiSIEM cannot populate “data” field. { "status": "Request was
successful", "nextpagetoken": "tokenid", "response": { "dataformat":
"csv", "data":
["syslogheader,time,indexedti...