FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 196013

Description

This article describes how to create and customize rules and alerts in the FortiSIEM user interface. 


Solution

In FortiSIEM, an administrator can modify existing rules and alerts, or create new ones, to fit the enterprise's environment.

To create a new rule or alert, or to modify an existing one, follow these steps:

    1. Log into the UI of the Supervisor.

    2. Click on the Analytics tab.

    3. Click on Rules. To edit an existing rule, highlight it and click Edit. To create a rule, click New.

      FortiSIEM-rules-edit.png
    4. Before saving a new rule, add a Rule Name, Severity, Subpattern and Action. See example below.

      FortiSIEM-rules-edit2.png
 

 
