| Description |
This article describes how to exclude IPs/domains in the FortiSOAR UI using Global Variables. |
| Scope | FortiSOAR 5.x, 6.x, 7.x. |
| Solution |
Excluding management IPs during alert correlation and other security processes is important because these IP addresses are typically used for monitoring and managing network devices. Including them in correlation can lead to false positives, as legitimate management activities may trigger alerts. By excluding management IPs, security teams can focus on real threats and reduce noise in monitoring and detection systems, improving the accuracy and effectiveness of their security operations.
Global Variables in FortiSOAR are system-wide data containers that store values for use across different playbooks, scripts, or integrations. These variables provide a convenient way to share and access information universally, streamlining workflow automation and enhancing data consistency and efficiency within the FortiSOAR platform.
In this example, global variables have already been defined in FortiSOAR to exclude IP addresses, URLs, and domains.
To configure these variables, follow these steps:
|
