adem_netsys
Explorer III
May 9, 2025
Question

Forcepoint Bitglass Integration

  • May 9, 2025
  • 1 reply
  • 833 views

Hi guys,


We have a Forcepoint product that we use in the cloud environment, and we want to transfer its logs into FortiSIEM. For this we have imported the logs with the API, but we cannot parse them because they come in a nested structure, and we cannot get them over syslog. Does anyone have any idea how we can solve the nested structure?


Thanks in advance



    Secusaurus
    Contributor III
    May 9, 2025

    Hi @adem_netsys,


    Do you have a sample log to be able to understand better what is needed here?


    Best,

    Christian

    NSE8 | Fortinet Advanced MSSP Partner
    adem_netsys
    Explorer III
    May 9, 2025

    Hi @Secusaurus,


    Since the event log data is in nested form, FortiSIEM unfortunately cannot populate the "data" field.


    {
        "status": "Request was successful",
        "nextpagetoken": "tokenid",
        "response": {
            "dataformat": "csv",
            "data": [
                "syslogheader,time,indexedtime,deviceguid,ipaddress,destinationip……"
            ],
            "dataencoding": "utf-8"
        }
    }

    Secusaurus
    Contributor III
    May 9, 2025

    So, the only interesting thing is inside `response.data`, and it's an array of multiple lines of logs, which you would need to treat as multiple events eventually. Correct?


    At the moment I personally don't have a solution for that yet, but probably someone from the staff here might be able to explain further details about the API pull type or the parsers?


    Best,

    Christian

    NSE8 | Fortinet Advanced MSSP Partner
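One way to do the "treat each line as its own event" step from the reply above, as an added example that is not part of the thread and not Forcepoint's or Fortinet's own code: unwrap the envelope, read `response.data` as CSV rows, and emit one flat key="value" line per row so a line-oriented parser can pick them up. It assumes the first element of `data` is the CSV header row (the sample suggests this but does not confirm it) and that `fetch_page(token)` is a wrapper you write around the vendor API call; the sample response is constructed.

```python
import csv
import json

# Constructed sample in the shape shown in the thread; the real response has
# many more columns and rows, which the original post truncated.
SAMPLE_RESPONSE = json.dumps({
    "status": "Request was successful",
    "nextpagetoken": "",
    "response": {
        "dataformat": "csv",
        "data": [
            "syslogheader,time,indexedtime,deviceguid,ipaddress,destinationip",
            "<14>1 fp,2025-05-09T10:00:00Z,2025-05-09T10:00:05Z,guid-1,10.0.0.5,203.0.113.7",
            '"<14>1 fp, with comma",2025-05-09T10:01:00Z,2025-05-09T10:01:02Z,guid-2,10.0.0.6,203.0.113.9',
        ],
        "dataencoding": "utf-8",
    },
})

def flatten_events(raw_json: str) -> list:
    """Turn one API page into a list of flat per-event dicts.
    Assumption: data[0] is the CSV header row."""
    body = json.loads(raw_json)
    if body.get("status") != "Request was successful":
        raise ValueError("API error: %r" % body.get("status"))
    resp = body["response"]
    if resp.get("dataformat") != "csv":
        raise ValueError("unexpected dataformat: %r" % resp.get("dataformat"))
    rows = resp.get("data") or []
    if not rows:
        return []
    reader = csv.reader(rows)          # csv handles quoted fields that contain commas
    header = next(reader)
    events = []
    for fields in reader:
        if len(fields) != len(header):
            # Column-count mismatch: keep the raw row visible instead of dropping it silently
            events.append({"_parse_error": ",".join(fields)})
            continue
        events.append(dict(zip(header, fields)))
    return events

def to_kv_line(event: dict) -> str:
    """Render one event as a single key="value" line for a line-oriented syslog parser."""
    return " ".join('%s="%s"' % (k, v.replace('"', "'")) for k, v in event.items())

def collect_all(fetch_page, max_pages: int = 1000) -> list:
    """Follow nextpagetoken until it is empty; fetch_page(token) -> raw JSON string (assumed wrapper).
    The page bound stops a misbehaving API from looping the collector forever."""
    events, token = [], ""
    for _ in range(max_pages):
        raw = fetch_page(token)
        events.extend(flatten_events(raw))
        token = json.loads(raw).get("nextpagetoken") or ""
        if not token:
            break
    return events
```

Each line returned by `to_kv_line` can then be written to a file or sent to the collector over syslog, which sidesteps the nested JSON entirely.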