I wonder if it is possible to transfer logs to the SIEM afterwards. For example, if you have (historical) Windows event logs that you would like to analyze without transferring them via WinAgent. Is it possible to upload the log file?
FortiSIEM expects the log in a specific format (either what our agent sends it as or how we retrieve it via OMI/WMI). This means that a custom windows event log format such as a getting it from a file will not be recognized as we don't have a parser that can understand it.
Dušan Tomić - Consulting Systems Engineer INTL
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.