SIEM & UEBA

This part of the forum is focused on SIEM & UEBA, and in particular FortiSIEM and FortiInsight!

As well as discussing SIEM-related topics, we can use the forum to share customizations, parsers, new content, ideas and, of course, questions!




* This is a PUBLIC forum. Do not disclose any private information here. 

Latest Discussions

  • Hi, According to the Oracle Audit Vault Administration guide (https://docs.oracle.com/cd/E69292_01/doc.122/e41705.pdf), it is possible to enable syslog forwarding for the audit vault alerts. Will this be sufficient for Oracle DB auditing instead of ...

  • Total Interface Down time

    You can pull events showing when an interface goes down and when it comes back up; however, there does not appear to be a way to total the time between the two events. Is there a way to do this? One way I have thought about is to set up a rule that create ...

  • Hi, could anyone share their own rules for F5 and Cisco FCM?

  • RE: Alerts for 0 events

    There is no great way to do this. I've attached a rule we use now that looks for a SUM(Event Rate) that is below a threshold.

  • RE: Cisco Iron Port - Unknown Event

    From the admin guide, these steps need to be followed. The log above does not look like the sample in the admin guide, so it probably needs a parser adjustment if all the steps have been followed: Syslog Log in to your Ironport Mail Gateway device ...
