Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

HugoPinto
Contributor

FortiSIEM - MCAS - Parser

Hi,

We have fix an issue on Microsoft MCAS Parser, to fix an issue on message for Exhange online, to collect inbox rules names, folders, etc...

msg=Run command: task New-InboxRule; Parameters: Session ID f455268c-8fd0-4707-89c8-0ad00asd0a, property AlwaysDeleteOutlookRulesBlob False, property Force False, property CopyToFolder Conversation History, property From user-xxxx@local.domain, property MoveToFolder Assinaturas do RSS, property Name Fraud Detection, property SubjectContainsWords Teste de Fraude Detection, property StopProcessingRules True

So we have change the parser to collect this fields by collectFieldsByKeyValuePair, we share with the comunity for you FSM.

Note: this V2 parser will only work in msg that contain "Run command" or event types that contain "Run command"

To add new values go to the parser and add attributes from witch fields do you to collect from Exchange, Sharepoint, etc..

Enjoi
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.