SIEM & UEBA


Alerts for 0 events

  • 1.  Alerts for 0 events

    Posted 19 days ago
    Does anyone know how to create an alert in FortiSIEM that will alert if no events match the filter in a 24-hour period?

    I have tried matched events = 0 and matched events = NULL, but neither seems to work.


  • 2.  RE: Alerts for 0 events

    Posted 15 days ago
    There is no great way to do this.  I've attached a rule we use now that looks for a SUM(Event Rate) that is below a threshold.
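The reason the reply falls back to a rate threshold can be shown outside the product: a condition evaluated over matched events never sees a "zero" row, whereas a check driven by a fixed schedule does. This is an added example, not FortiSIEM rule syntax and not the attached rule; the event list, the `backup_completed` event type and the window layout are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, event type). Not FortiSIEM output.
SAMPLE_EVENTS = [
    ("2024-03-01T02:15:00", "backup_completed"),
    ("2024-03-01T09:40:00", "login"),
    ("2024-03-02T03:05:00", "backup_completed"),
    ("2024-03-03T11:20:00", "login"),            # no backup_completed on 03-03
    ("2024-03-04T02:50:00", "backup_completed"),
]

WINDOW = timedelta(hours=24)


def count_per_window(events, event_filter, start_iso, days):
    """Count events matching event_filter in each fixed 24h window.

    The windows come from the schedule, not from the events, so a window in
    which nothing matched is still present with a count of 0. A group-by over
    matched events can never produce that row, which is why a condition such
    as 'matched events = 0' has nothing to fire on.
    """
    start = datetime.fromisoformat(start_iso)
    counts = {start + i * WINDOW: 0 for i in range(days)}
    for ts, etype in events:
        if not event_filter(etype):
            continue
        t = datetime.fromisoformat(ts)
        slot = start + ((t - start) // WINDOW) * WINDOW  # floor to window start
        if slot in counts:
            counts[slot] += 1
    return {w.isoformat(): n for w, n in counts.items()}


def absence_alerts(events, event_filter, start_iso, days, threshold=1):
    """Return ISO start times of windows whose matched count is below threshold.

    threshold=1 is the 'no events in 24 hours' case from the question; a
    higher threshold is the 'event rate below a floor' variant from the reply.
    """
    counts = count_per_window(events, event_filter, start_iso, days)
    return [w for w, n in sorted(counts.items()) if n < threshold]


if __name__ == "__main__":
    is_backup = lambda e: e == "backup_completed"
    for w in absence_alerts(SAMPLE_EVENTS, is_backup, "2024-03-01T00:00:00", 4):
        print(f"ALERT: no backup_completed events in the 24h window starting {w}")
```

The same structure applies to the reply's approach: as long as the aggregate is produced for every interval (a rate of 0 rather than no row at all), the "below threshold" comparison has something to evaluate.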