FortiSIEM Adding a Watch List to a Rule

Adding a Watch List to a Rule
  1. Go to Analytics > Rules.
  2. Select the rule you want to add the watch list to, and then click Edit.
  3. Next to Watch Lists, click Edit.
  4. Select the watch list you want to add, and use the Add >> button to add it to the rule.
  5. For Incident Attribute, select the incident information you want to add to the watch list.

Watch List Attribute Type Must Match Incident Attribute

The Type that you set for the watch list must match the Incident Attribute Type for the rule. For example, if your watch list Type is IP and the Incident Attribute Type for the rule is string, you will not be able to associate the watch list with the rule.

  6. Click OK.

Next to Watch Lists, you will see Watch List has been defined.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
