Hi guys, is the EPS licence calculated based on the number of events
received by the SIEM or the number of parsed events? A log source
receives 500 events per second and 200 are dropped and only 300 are
processed. Will the EPS licence be 300 or 500 he...

Hi, I have installed an agent on my Windows 2008 R2 machine and I am
getting the logs here, but the logs are not parsed because the raw
message is split into several parts. To try to fix this I disabled the
default parser but it does not test and does n...

Hello, I want to define the exclusion list of a known application. I
have a long list, do we have a different method other than adding it one
by one? Thank you

Hi guys, I have a rule related to config changes in PAN-OS and I want to
define a rule that includes only user changes and make it high level,
but since the scope of the first rule covers both, it hits the first one
first. In this case, by defining a...

Hi guys, I want to write a rule to login with admin for all devices in
FortiSIEM, it doesn't matter if it succeeds or fails, I want to get
both. How should I proceed with this? Thank you

Hi @Ali_Maher, for this you need to open the SNMP settings on the
Windows side and make a correct definition for the SIEM. Then, there is
a bug in these versions related to JDBC; it would be better to wait for
version 7.2.