Rules

FortiSIEM continuously monitors your IT infrastructure and provides information to analyze performance, availability, and security. There may also be situations in which you want to receive alerts when exceptional, suspicious, or potential failure conditions arise. You can accomplish this using rules, which define the conditions to watch for and trigger an incident when those conditions arise. You can configure a notification policy that sends email and SNMP alerts when an incident has occurred. FortiSIEM includes over 500 system-defined rules, which you can see in RESOURCES > Rules, but you can also create your own rules as described in the topics in this section.