FortiSIEM Adding a Watch List to a Rule

Adding a Watch List to a Rule
  1. Go to Analytics > Rules.
  2. Select the rule you want to add the watch list to, and then click Edit.
  3. Next to Watch Lists, click Edit.
  4. Select the watch list you want to add, and use the Add >> button to add it to the rule.
  5. For Incident Attribute, select the incident information you want to add to the watch list.

Watch List Attribute Type Must Match Incident Attribute

The Type that you set for the watch list must match the Incident Attribute Types for the rule. For example, if your watch list Type is IP, and the Incident Attribute Type for the rule is string, you will not be able to associate the watch list to the rule.

  1. Click OK.

Next to Watch Lists, you will see Watch List has been defined.





Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU