SIEM & UEBA


 This part of the forum is focused on SIEM & UEBA and in particular FortiSIEM and FortiInsight!

As well as discussing SIEM-related topics, we can use the forum to share customizations, parsers, new content, ideas and of course questions!




* This is a PUBLIC forum. Do not disclose any private information here. 

Latest Discussions

  • RE: Passwordstate parser?

    Absolutely your method for these kinds of logs is correct... You would just create as many case statements as needed. In some cases you might set two or more cases to the same eventType as below. <switch> <case> <collectAndSetAttrByRegex src="$_body"> ...

  • Hi Ali, I once did that a long time ago with Splunk. If I remember correctly, there we used the Session ID to match the logs of a WAF to the original IPs masked by the Fortigate in front of it. Regards Simon

  • RE: FortiSEIM round values

    It is not currently possible to limit by on a group. ------------------------------ Daniel FortiSIEM Product Manager ------------------------------

  • Hi, We are trying to integrate MSSQL via JDBC. However, we are facing an issue in the discovery process. It prompts an error for authentication (please refer to the attachments). Is there a possibility to bypass the SNMP configuration since SNMP is not ...

  • Hi Partha, Thanks again for your support. Understood now. I will test this out. ------------------------------ Cheers, Isuru ------------------------------
