* Rules Engine in FortiSIEM: The rules engine evaluates incoming events based on defined conditions to detect incidents and anomalies.
* Aggregation Condition: The aggregation condition instructs FortiSIEM to summarize and count the matching evaluated data.
Function: Aggregation is used to group events based on specified criteria and then perform operations such as counting the number of occurrences within a defined time window.
* Purpose: This allows for the detection of patterns and anomalies, such as a high number of failed login attempts within a short period.
* Reference: FortiSIEM 6.3 User Guide, Rules Engine section, which explains how aggregation is used to summarize and count matching data.

* Syslog Reception Verification: To verify whether syslog messages are being received from a network device, a network packet capture tool can be used.
* tcpdump Command: tcpdump is a powerful command-line packet analyzer tool available in Unix-like operating systems. It allows administrators to capture and analyze network traffic.
Usage: By using tcpdump with the appropriate filters (e.g., port 514 for syslog), administrators can monitor the incoming syslog messages in real-time to verify if they are being received.
Example Command: tcpdump -i <interface> port 514 captures the syslog messages on the specified network interface.
* Reference: FortiSIEM 6.3 User Guide, CLI Commands section, which details the usage of tcpdump for network traffic analysis and verification of syslog reception.