Rule Evaluation in FortiSIEM: Rules in FortiSIEM are evaluated periodically to check if the defined
conditions or subpatterns are met.
Frequency Field: The Frequency field in a rule determines the interval at which the rule's subpattern
will be evaluated.
Evaluation Interval: This defines how often the system will check the incoming events against the
rule's subpattern to determine if an incident should be triggered.
Impact on Performance: Setting an appropriate frequency is crucial to balance timely detection of
incidents against system performance.
Examples:
If the Frequency is set to 5 minutes, the rule will evaluate the subpattern every 5 minutes.
This means that every 5 minutes, the system will check if the conditions defined in the subpattern
are met by the incoming events.
Reference: FortiSIEM 6.3 User Guide, Rules and Incidents section, which explains the Frequency
field and how it impacts the evaluation of subpatterns in rules.