SIEM & UEBA

 This part of the forum is focused on SIEM & UEBA and in particular FortiSIEM and FortiInsight!

As well as discussing SIEM related topics, we can use the forum to share customizations, parsers, new content, ideas and of course questions!




* This is a PUBLIC forum. Do not disclose any private information here. 

Latest Discussions

  • Profile Picture

    RE: FortiSIEM - Oracle Audit Vault Support

    By Isuru , Jun 14, 2021 1:35 AM

    Hi, According to the Oracle Audit Vault Administration guide (https://docs.oracle.com/cd/E69292_01/doc.122/e41705.pdf), it is possible to enable syslog forwarding for the audit vault alerts. Will this be sufficient for Oracle DB auditing instead of ...

  • Profile Picture

    Total Interface Down time

    By Kevin , Jun 7, 2021 5:18 PM

    You can pull events showing when an interface goes down and when it come backup, However there does not appear to be a way to total the time between the two events. Is there a way to do this. One way I have though about, is to setup a rule that create ...

  • Profile Picture

    RE: FortiSIEM Questions & Answers

    By Muhammad Hafiz Safwan , Jun 6, 2021 10:57 AM

    Hi, Anyone could share their own rules for F5 and Cisco FCM?

  • Profile Picture

    RE: Alerts for 0 events

    By Karn , Jun 1, 2021 3:46 PM

    There is no great way to do this. I've attached a rule we use now that looks for a SUM(Event Rate) that is below a threshold.

  • Profile Picture

    RE: Cisco Iron Port - Unknown Event

    By Karn , May 18, 2021 12:50 PM

    From the admin guide, these steps need to be followed. The log above does not look like the sample in the admin guide, so it probably needs a parser adjustment if all the steps have been followed: Syslog Log in to your Ironport Mail Gateway device ...

Group Leads

Poll