Key Enhancements | FortiSIEM 6.4.0 | Fortinet Document Library

This document describes the additions for FortiSIEM 6.4.0 release.

- Agent and Collector Upgrade from Supervisor
- Content Upgrade Framework via FortiGuard Service
- Rule and Report Modifications since 6.3.3

FortiSIEM 6.4.0 and later releases will run on Rocky Linux since CentOS 8 reached End Of Life on December 31, 2021. Fresh 6.4.0 installations will run on Rocky Linux. There are no special upgrade procedures for existing customers running older FortiSIEM 6.x versions. A regular 6.4.0 upgrade will replace CentOS 8 binaries with appropriate Rocky Linux binaries.

This release enables users to define Lookup tables and then write rules and reports by joining the event database and Lookup tables. Lookup tables can be created manually, via API or by running a CMDB or Event report on FortiSIEM. Lookup tables can contain metadata not present in events. The ability to join events with Lookup tables enables many threat hunting use cases, for example:

- Look up of new processes, ports, external domains not seen in the last 2 days
- Look up for user logins not seen in the last 2 days
- Look up for VPN logins from IP addresses or countries not seen in the last 2 days

Lookup tables can be used in Analytical searches and Rules.
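
The "not seen in the last 2 days" use cases amount to an anti-join between recent events and a lookup table built from the preceding 2 days. The following is an added example, not FortiSIEM code or query syntax: it models that join in Python with an in-memory SQLite database, and the table names, column names, one-hour evaluation window and sample events are all constructed assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
NOW = datetime(2022, 1, 10, 12, 0, 0)  # constructed "current time" for the sample

# Constructed VPN login events: (timestamp, user, source IP, country)
EVENTS = [
    ("2022-01-07 09:00:00", "alice", "198.51.100.7", "US"),  # outside the 2-day window
    ("2022-01-09 08:30:00", "alice", "203.0.113.10", "US"),
    ("2022-01-09 17:45:00", "bob", "203.0.113.20", "DE"),
    ("2022-01-10 11:50:00", "alice", "203.0.113.10", "US"),  # known IP and country
    ("2022-01-10 11:55:00", "bob", "192.0.2.99", "BR"),      # new IP, new country
    ("2022-01-10 11:58:00", "alice", "198.51.100.7", "US"),  # IP aged out, country known
]

# Anti-join: keep recent events with no matching row in the lookup table.
QUERY = """
SELECT e.ts, e.user, e.src_ip, e.country,
       ip.src_ip IS NULL AS new_ip, c.country IS NULL AS new_country
FROM events e
LEFT JOIN (SELECT DISTINCT src_ip FROM seen_sources) ip ON ip.src_ip = e.src_ip
LEFT JOIN (SELECT DISTINCT country FROM seen_sources) c ON c.country = e.country
WHERE e.ts >= :start AND (ip.src_ip IS NULL OR c.country IS NULL)
ORDER BY e.ts
"""

def new_vpn_sources(events, now, baseline=timedelta(days=2), recent=timedelta(hours=1)):
    """Return recent logins whose IP or country is absent from the baseline lookup."""
    recent_start = (now - recent).strftime(FMT)
    baseline_start = (now - baseline).strftime(FMT)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (ts TEXT, user TEXT, src_ip TEXT, country TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", events)
    # Lookup table filled by a "report" over the baseline window only, so the
    # events under evaluation are not already present in the lookup.
    db.execute("CREATE TABLE seen_sources (src_ip TEXT, country TEXT)")
    db.execute(
        "INSERT INTO seen_sources SELECT DISTINCT src_ip, country FROM events "
        "WHERE ts >= ? AND ts < ?", (baseline_start, recent_start))
    rows = db.execute(QUERY, {"start": recent_start}).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    for row in new_vpn_sources(EVENTS, NOW):
        print(row)
```

The third recent login shows why the lookup must expire entries: the IP was seen three days earlier, so it falls outside the 2-day baseline and is reported as new even though the country is known.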