FortiSIEM Defining Rule Exceptions

Defining Rule Exceptions

Once you activate a rule, it continuously monitors your IT infrastructure for conditions that would trigger an event. However, you may also want to define exceptions to those conditions. For example, you may know that a server will be going down for maintenance during a specific time period and you don’t want your Server Down – No Ping Response rule to trigger an incident for it.

  1. In Analytics > Rules, select the rule you want to add the exception to, and click Edit.
  2. Next to Exceptions, click Edit.
  3. Select an Attribute and Operator, and enter a Value, for the conditions that will prevent an incident from being generated.

The values in the Attribute menu are from the Event Attributes associated with the incident definition.

  4. Click the + icon to set an effective time period for the exception.

You can set effective time periods for single and recurring events, and for durations of time from hours to days.

  5. Enter any Notes about the exception.
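An exception's scope can be checked against sample events before it is entered in the rule. The following Python sketch is an added example, not FortiSIEM code: it models an exception as an Attribute/Operator/Value condition with optional single or recurring effective time periods. The class names, the operator set, the `hostName` attribute and the sample host are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Operators modelled for this sketch; the product's Operator menu may differ.
OPS = {
    "=": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "IN": lambda a, b: a in b,
    "NOT IN": lambda a, b: a not in b,
}

@dataclass(frozen=True)
class Window:
    """Effective time period: single (start/end) or weekly recurring."""
    start: Optional[datetime] = None
    end: Optional[datetime] = None
    weekdays: frozenset = frozenset()      # 0 = Monday; recurring windows only
    from_t: Optional[time] = None
    to_t: Optional[time] = None

    def active(self, ts: datetime) -> bool:
        if self.start and self.end:        # single event, end is exclusive
            return self.start <= ts < self.end
        if self.weekdays and self.from_t is not None and self.to_t is not None:
            return ts.weekday() in self.weekdays and self.from_t <= ts.time() < self.to_t
        return False

@dataclass(frozen=True)
class RuleException:
    attribute: str
    operator: str
    value: object
    windows: tuple = ()    # assumption: no window means always in effect
    notes: str = ""

    def suppresses(self, event: dict, ts: datetime) -> bool:
        if self.attribute not in event:    # a missing attribute never suppresses
            return False
        if not OPS[self.operator](event[self.attribute], self.value):
            return False
        return not self.windows or any(w.active(ts) for w in self.windows)

# Constructed sample: maintenance on host "db01", one night plus every Sunday.
MAINT = RuleException("hostName", "=", "db01", notes="constructed example", windows=(
    Window(start=datetime(2024, 3, 2, 1), end=datetime(2024, 3, 2, 5)),
    Window(weekdays=frozenset({6}), from_t=time(1), to_t=time(3)),
))
```

Running the same events through an exception defined without a time window shows how much wider its suppression becomes, which is the case worth reviewing before saving.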

 

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
