Hi,
I get logs from SentinelOne via syslog, and the previously parsed logs no longer parse; they hit a different parser. Fortinet has a default parser, and when I examine the documentation, it should parse in CEF format. Has anyone encountered this situation?
Can you expand on this?
You have SentinelOne logs via syslog and after an upgrade they no longer parse?
What is the Event Parser that is matching these events?
Are they still in CEF format?
Is the old message header different from the new message header?
Created on 07-10-2024 12:02 AM Edited on 07-10-2024 12:29 AM
I can't see a CEF in the log right now. When I checked the old logs, they were also in unknown status.
Does anyone have a parser in JSON format related to SentinelOne?
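The thread turns on one question: are the incoming syslog lines still CEF, or have they become JSON (or something the SIEM cannot classify at all)? Below is an added diagnostic example, not code from Fortinet, SentinelOne or anyone in this thread. It classifies each raw syslog payload as CEF, JSON or unknown, and for CEF lines splits the standard seven pipe-delimited header fields (honoring `\|` escapes) and the `key=value` extension. The sample lines are constructed for illustration and are not real SentinelOne output; the field names and values in them are assumptions. Running this over a capture of the feed tells you which format the sender actually emits before you go looking at parser assignments.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# CEF header as defined by the ArcSight CEF spec:
# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
CEF_HEADER_RE = re.compile(r"CEF:(\d+)\|")
# Extension pairs: an alphanumeric key, '=', then a value that runs until the next " key=".
CEF_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

HEADER_NAMES = [
    "cef_version", "device_vendor", "device_product", "device_version",
    "signature_id", "name", "severity",
]

# Constructed sample payloads (syslog priority + timestamp + host + message). Not real SentinelOne events.
SAMPLE_LINES = [
    "<14>Jul 10 00:02:00 s1-mgmt CEF:0|ExampleVendor|ExampleEDR|1.0|100|Threat detected|7|"
    "src=10.0.0.5 suser=alice act=quarantined msg=Example threat name",
    '<14>Jul 10 00:02:01 s1-mgmt {"event":"threat","host":"ws-01","severity":"high"}',
    "<14>Jul 10 00:02:02 s1-mgmt heartbeat ok",
]


def split_cef_header(body: str) -> Tuple[Optional[List[str]], str]:
    """Split the seven header fields from the text after 'CEF:', treating '\\|' as a literal pipe."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # escaped character, keep it verbatim
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":                            # unescaped pipe ends a header field
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    if len(fields) < 7:
        return None, ""
    return fields, body[i:]                      # remainder is the extension


def classify_line(line: str) -> str:
    """Return 'cef', 'json' or 'unknown' for one raw syslog line."""
    if CEF_HEADER_RE.search(line):
        return "cef"
    brace = line.find("{")
    if brace != -1:
        try:
            json.loads(line[brace:])
            return "json"
        except ValueError:
            pass
    return "unknown"


def parse_cef(line: str) -> Optional[Dict[str, str]]:
    """Parse header and extension of a CEF line into a flat dict; None if the header is malformed."""
    m = CEF_HEADER_RE.search(line)
    if not m:
        return None
    fields, extension = split_cef_header(line[m.start() + len("CEF:"):])
    if fields is None:
        return None
    record = dict(zip(HEADER_NAMES, fields))
    for key, value in CEF_EXT_RE.findall(extension):
        record[key] = value.strip()
    return record


def parse_line(line: str) -> Dict[str, object]:
    """Classify a line and return its parsed fields (empty dict when the format is unknown)."""
    fmt = classify_line(line)
    if fmt == "cef":
        return {"format": fmt, "fields": parse_cef(line) or {}}
    if fmt == "json":
        return {"format": fmt, "fields": json.loads(line[line.find("{"):])}
    return {"format": fmt, "fields": {}}


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count lines per format; a feed that changed format shows up as a shifted distribution."""
    counts = {"cef": 0, "json": 0, "unknown": 0}
    for line in lines:
        counts[classify_line(line)] += 1
    return counts


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_line(sample))
    print(summarize(SAMPLE_LINES))
```

Feed it the raw lines from a packet capture or the collector's receive log rather than the already-normalized events, since the question is what the sender puts on the wire. If `summarize` reports mostly `unknown`, the payload is neither CEF nor JSON and the right fix is on the SentinelOne syslog export settings; if it reports `json`, a JSON-aware custom parser is needed rather than the CEF one.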