Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

AliHaider
New Contributor

Created on ‎11-05-2020 03:49 AM

Analytics using two different log sources

Hello,

I am trying to create a report which would require data from two different log sources or events.

One event is the initial login of the VPN user, which has their username, login success/failure and their Source IP (which is their actual public IP allocated by the ISP).
The other logs contain their general traffic logs, and the important info in these logs is the tunnel IP they have been allocated once they have connected to the corporate VPN.

I can do the reports and dashboards for both these events individually.

Is there anyone to combine these two logs or events and extract the important info from both and present it as one output/report. 

Regards,
Ali.
Labels:
396
0 Kudos
1 Solution
FSM_FTNT
Staff
Staff
In response to KarnGriffen

Created on ‎11-09-2020 10:41 AM

Hi Ali,

To build on Karn suggestion, you can also use a Nested search. Check here https://help.fortinet.com/fsiem/6-1-0/Online-Help/HTML5_Help/Nested_queries.htm

If you are able to share the events from both your searches, I can have a go at building the nested search for you.

Cheers

Dan

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------

View solution in original post

377
0 Kudos
2 REPLIES 2
KarnGriffen
New Contributor III

Created on ‎11-09-2020 09:28 AM

Ali,

It's not perfect, but you can take your two existing report criteria and put them into one query using OR.  (1st Report Parameters) OR (2nd Report Parameters).  Then use the displayed columns to display the fields you would like.
377
0 Kudos
FSM_FTNT
Staff
Staff
In response to KarnGriffen

Created on ‎11-09-2020 10:41 AM

Hi Ali,

To build on Karn suggestion, you can also use a Nested search. Check here https://help.fortinet.com/fsiem/6-1-0/Online-Help/HTML5_Help/Nested_queries.htm

If you are able to share the events from both your searches, I can have a go at building the nested search for you.

Cheers

Dan

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
378
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.