 Threshold Management: FortiSIEM uses thresholds to generate alerts and incidents based on performance and security metrics.

 Global Thresholds: These are default thresholds applied to all devices and metrics across the system, providing a baseline for alerts.

 Per Device Thresholds: These thresholds can be customized for individual devices, allowing for more granular control and tailored monitoring based on specific device characteristics and requirements.

 Usage in Performance Metrics: Both global and per device thresholds are used for performance metrics to ensure comprehensive and precise monitoring.

 References: FortiSIEM 6.3 User Guide, Thresholds and Alerts section, details the application of global and per device thresholds for performance and security metrics.