Cybersecurity Forum


HugoPinto
Contributor

FortiSIEM - MCAS - Parser

Hi,

We have fixed an issue in the Microsoft MCAS parser, to fix an issue with the message for Exchange Online, to collect inbox rule names, folders, etc...

msg=Run command: task New-InboxRule; Parameters: Session ID f455268c-8fd0-4707-89c8-0ad00asd0a, property AlwaysDeleteOutlookRulesBlob False, property Force False, property CopyToFolder Conversation History, property From user-xxxx@local.domain, property MoveToFolder Assinaturas do RSS, property Name Fraud Detection, property SubjectContainsWords Teste de Fraude Detection, property StopProcessingRules True

So we have changed the parser to collect these fields by collectFieldsByKeyValuePair; we share it with the community for your FSM.

Note: this V2 parser will only work on msgs that contain "Run command" or event types that contain "Run command".

To add new values, go to the parser and add attributes for whichever fields you want to collect from Exchange, SharePoint, etc.

Enjoy
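As an added illustration of what the parser change has to do (this is example code written for this page, not the FortiSIEM parser XML or HugoPinto's own change), the function below extracts the task name, session ID and each `property <Name> <value>` pair from a "Run command" message. The sample message is constructed from the one in the post; the key point it handles is that values such as folder names contain spaces, so the parameter list can only be split on the commas that precede the `property` / `Session ID` keywords.

```python
import re

# Sample Exchange Online audit message, constructed from the one quoted in the post.
SAMPLE_MSG = (
    "Run command: task New-InboxRule; Parameters: "
    "Session ID f455268c-8fd0-4707-89c8-0ad00asd0a, "
    "property AlwaysDeleteOutlookRulesBlob False, property Force False, "
    "property CopyToFolder Conversation History, property From user-xxxx@local.domain, "
    "property MoveToFolder Assinaturas do RSS, property Name Fraud Detection, "
    "property SubjectContainsWords Teste de Fraude Detection, "
    "property StopProcessingRules True"
)

# Split the parameter list only at commas that start a new "property ..." or
# "Session ID ..." entry, so multi-word values (folder names, subjects) stay intact.
_PARAM_SPLIT = re.compile(r",\s*(?=(?:property|Session ID)\b)")
_RUN_COMMAND = re.compile(r"^Run command:\s*task\s+([^;]+);\s*Parameters:\s*(.*)$")


def parse_run_command(msg):
    """Return {'task', 'session_id', 'properties': {name: value}} for a
    'Run command' message, or None for any other message (the V2 parser in
    the post likewise only applies to 'Run command' events)."""
    m = _RUN_COMMAND.match(msg.strip())
    if not m:
        return None
    task, params = m.group(1).strip(), m.group(2)
    result = {"task": task, "session_id": None, "properties": {}}
    for part in _PARAM_SPLIT.split(params):
        part = part.strip()
        if part.startswith("Session ID "):
            result["session_id"] = part[len("Session ID "):].strip()
        elif part.startswith("property "):
            # First token is the property name, the remainder (may contain spaces) is the value.
            name, _, value = part[len("property "):].partition(" ")
            result["properties"][name] = value.strip()
    return result


if __name__ == "__main__":
    parsed = parse_run_command(SAMPLE_MSG)
    print(parsed["task"], parsed["session_id"])
    for name, value in parsed["properties"].items():
        print(f"  {name} = {value}")
```

A value that itself contains the text ", property" would still be split incorrectly; the key/value approach in the parser has the same limitation, so check the raw msg when a rule name looks truncated.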