FortiSIEM Discussions
IsuruTharanga
New Contributor

FortiSIEM - Windows Powershell

Hi,

We are trying to integrate Windows PowerShell logs using the FortiSIEM Windows agent, and currently we have configured PowerShell Operational logs. But we have an issue with the given Windows PowerShell event logs: they are not being parsed.

We would like to know whether the issue is with our configuration or a parser.

Cheers,
Isuru
DanielHanman
Staff

Hi Isuru,

Do you have any sample events that you can share?

Thanks

Dan

IsuruTharanga

Hi Dan,

Please find the Sample Logs herewith.

Cheers,
Isuru