FortiSIEM Defining Rule Exceptions

Defining Rule Exceptions

Once you activate a rule, it continuously monitors your IT infrastructure for conditions that would trigger an event. However, you may also want to define exceptions to those conditions. For example, you may know that a server will be going down for maintenance during a specific time period and you don’t want your Server Down – No Ping Response rule to trigger an incident for it.

  1. In Analytics > Rules, select the rule you want to add the exception to, and click Edit.
  2. Next to Exceptions, click Edit.
  3. Select an Attribute and Operator, and enter a Value, for the conditions that will prevent an incident from being generated.

The values in the Attribute menu are from the Event Attributes associated with the incident definition.

  1. Click the + icon to set an effective time period for the exception.

You can set effective time periods for single and recurring events, and for durations of time from hours to days.

  1. Enter any Notes about the exception.



Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos