This part of the forum is focused on SIEM & UEBA and in particular FortiSIEM and FortiInsight!

As well as discussing SIEM-related topics, we can use the forum to share customizations, parsers, new content, ideas and of course questions!

* This is a PUBLIC forum. Do not disclose any private information here. 

Latest Discussions

  • Hi, According to the Oracle Audit Vault Administration guide (, it is possible to enable syslog forwarding for the audit vault alerts. Will this be sufficient for Oracle DB auditing instead of ...

  • Total Interface Down time

    You can pull events showing when an interface goes down and when it comes back up. However, there does not appear to be a way to total the time between the two events. Is there a way to do this? One way I have thought about is to set up a rule that creates ...

  • Hi, could anyone share their own rules for F5 and Cisco FCM?

  • RE: Alerts for 0 events

    There is no great way to do this. I've attached a rule we use now that looks for a SUM(Event Rate) that is below a threshold.

  • RE: Cisco Iron Port - Unknown Event

    From the admin guide, these steps need to be followed. The log above does not look like the sample in the admin guide, so it probably needs a parser adjustment if all the steps have been followed: Syslog Log in to your Ironport Mail Gateway device ...

Group Leads