Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSIEM Discussions
- Fortinet Community
- Community Groups
- FortiSIEM
- Discussions
- Forcepoint Bitglass Integration
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Forcepoint Bitglass Integration
Hi guys,
We have a Forcepoint product that we use in the cloud environment, we want to transfer the logs here to FortiSIEM inside, for this we have imported the logs with the API, but we cannot parser them because they come in nested structure, we cannot get them with oversyslog. Does anyone have any idea how we can solve the nested structure?
Thanks in advance
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @adem_netsys,
Do you have a sample log to be able to understand better what is needed here?
Best,
Christian
FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Secusaurus
Since the event log data is in nested form unfortunately FortiSIEM cannot populate “data” field.
{
"status": "Request was successful",
"nextpagetoken": "tokenid",
"response": {
"dataformat": "csv",
"data": [
"syslogheader,time,indexedtime,deviceguid,ipaddress,destinationip……”
"dataencoding": "utf-8"
}
}
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so, the only interesting thing is inside `response.data` and it's an array of multiple lines of logs, which you would need to treat as multiple events eventually. Correct?
At the moment, I, personally, don't have a solution for that yet, but probably someone of the staff here might be able to explain further details for the API-pull-type or the parsers here?
Best,
Christian
FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it's correct. FortiSIEM cannot open the data in the incoming log, although we specified it as data in the API request, we could not get it. Is there any other method to get it?
Announcements
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
Labels
-
FortiSIEM
166 -
Parsers
7 -
Rules
5 -
ClickHouse
4 -
fortisiem v7.2.0
4 -
FortiSIEM v6.x
4 -
integration
4 -
API
4 -
Agent Linux
3 -
database
3 -
Agent
3 -
FortiSIEM Cloud
3 -
Collector
3 -
External System Integration
3 -
FortiGate
3 -
watchlist
2 -
FortiAnalyzer
2 -
Collector Agent
2 -
Source Code
2 -
lookuptables
2 -
FortiSiem 7.1
2 -
Supervisor
2 -
SAML
2 -
CMDB
2 -
Analytics & Reporting
2 -
GUI
2 -
Incidents
2 -
Rocky Linux 8
1 -
eventdb
1 -
Impact
1 -
Redhat 8
1 -
OPManager
1 -
Oracle Linux 8
1 -
Alma Linux 8
1 -
"FortiSIEM Incidents"
1 -
lookups
1 -
o
1 -
CMMC
1 -
Audit
1 -
RBAC
1 -
User Control
1 -
Audit log
1 -
Reference Files
1 -
Hi
1 -
cisco wsa
1 -
Partnership Inquiry
1 -
Reference Material
1 -
FortiClient
1 -
FortiAuthenticator v5.5
1 -
FortiSIEM HW
1 -
upgrade
1 -
IPsec
1 -
Migration
1 -
External Connectors
1 -
LDAP
1 -
Report
1 -
Microsoft Office365
1 -
Azure
1 -
Cisco
1 -
discovery
1 -
Windows Defender
1 -
Report-Rules-Dashboards
1 -
Notifications
1 -
Expressions
1 -
Architecture
1 -
FortiSASE
1 -
Status
1 -
MySQL
1 -
Internet service database
1 -
Dashboard
1 -
Usage
1 -
Certificate
1 -
enrichement
1
Top Kudoed Authors
| User | Count |
|---|---|
| 72 | |
| 25 | |
| 15 | |
| 10 | |
| 10 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.