Other Infrastructure Logs
Understanding user behavior does not rely solely on UEBA and ML models. The more traditional SIEM correlation rules, as well as specific statistical rules, can improve detection and help identify user anomalies and potentially malicious behavior.
Logs from Windows, Linux and firewalls that provide network access or authentication should also be sent to FortiSIEM.
To start, configure your FortiGate firewalls to send logs to FortiSIEM by following the steps in the ESCG.