Hi everyone, I'd just like to exchange thoughts or practices about
baseline-focused rules on the FortiSIEM: At the moment, about 80% of our
Incidents are "Sudden increase in ...", as we narrowed down all the
other rules to not trigger on False Positiv...
Hello everyone, We are continuously experiencing the incident "High
performance monitoring delay from Collector or Worker SIEM Supervisor"
on our FortiSIEM platform. That one is triggered as soon as the Event
Type "PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY...
Dear Community support, I've had a custom avatar image a while (think,
I've set this two-three years ago) and tried to update it recently. But
my finger was too fast, so I got one of the "community avatars" now. Now,
my question is: How can I set a cust...
Hello all, We are in discussion with a customer that likes to host the
FortiSIEM on prem but considers moving to our
multi-tenant-cloud-environment some day in future. As we are just setting
up the SIEM, I would like to build the environment in a way ...
Dear community, Maybe anyone else already wrapped his/her head around this on
FortiSIEM: I am looking for an aggregation function in the
analytics/report generation that behaves like the SQL "concat" command,
meaning writing all the values of all rows into...
Hi @yadde, Just one side-note: In our SOC (currently on FSM v7.1.3) our
analysts obviously trained the AI enough to sort out a lot of false
positives already; they make use of the "Incident Resolution
Recommendation", see:
https://help.fortinet.com/f...
Concerning interface becoming unresponsive: We've seen the interface
slowing down after looking at a lot of incidents as well, but becoming
quick again as soon as the page is refreshed. I think it's some sort of
JavaScript-caching here. We've seen th...
Hi @sioannou, We are using 7.1 and experienced a great improvement for
the workflow regarding incident handling. There are some minor things
that did not get into the new GUI, but overall it's a much faster
insight in triggering events than it was bef...
Hi @makeel, Obviously, the second issue is the reason for the first one.
In my understanding, the report just could not be generated. Can you run
the report itself in Analytics and just the export fails? Or does it
already fail in Analytics? You shoul...
Hi Manuel, Great point (love the awtrix clock and note that down for our
SOC :) )! Just one thing to note: The incident then is considered as
remediated. Depending on how your analysts work, this might become
irritating. Best, Christian