Rules Engine in FortiSIEM: The rules engine evaluates incoming events based on defined conditions to detect incidents and anomalies.
Aggregation Condition: The aggregation condition instructs FortiSIEM to summarize and count the matching evaluated data.
Function: Aggregation is used to group events based on specified criteria and then perform operations such as counting the number of occurrences within a defined time window.
Purpose: This allows for the detection of patterns and anomalies, such as a high number of failed login attempts within a short period.
References: FortiSIEM 6.3 User Guide, Rules Engine section, which explains how aggregation is used to summarize and count matching data.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit