Coming Unknown Windows Logs with agent

Forum|Forum|11 months ago
June 23, 2025
3 replies
1761 views

Hello team,

Although policy assignment is made in the windows logs we receive with windows agent, the logs come as ‘unknown’. Has anyone encountered this situation before? We could not solve the problem by adding a device specific parser.

cdurkin_FTNT

Staff

Can you give a sanitized example of an Unknown event?

Himanshu735

New Member

Please share the unknown event types and version of your Fortisiem and Collector also Agent version .

adem_netsysAuthor

Explorer III

hi @cdurkin_FTNT @Himanshu735

Actually, these are the windows events logs we know. Version 7.1.4

cdurkin_FTNT

Staff

Thanks, so can you provide:
1) Sanitized Sample of an Unknown Event

2) FortiSIEM Version and Agent Version.

adem_netsysAuthor

Explorer III

Hi @cdurkin_FTNT @Himanshu735,

Log example for FSM-WUA-WinLog-Security logs from Windows.

Sample: 2025-06-26T13:03:19Z fsrv01.internal.example.com 172.10.24.20 FSM-WUA-WinLog-Security [phCustId]="9999" [customer]="ExampleCorp-Datacenter" [monitorStatus]="Success" [Locale]="tr-TR" [MachineGuid]="f1a2b3c4-d5e6-7890-ab12-3456789cdef0" [timeZone]="+0300" [extEventRecvProto]="Windows Agent" [level]="Information" [xml]=4658001281200x802000000000000023181031Securityfsrv01.internal.example.comS-1-5-18fsrv01$EXAMPLECORP0x3e7Security0x4380xd50C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded