Hi Sadek,
In version 6.4.0 released a lookup table feature has been added that allows you to 1) Populate a table 2) use it for analytic filters and lookups
https://docs.fortinet.com/document/fortisiem/6.4.0/release-notes/456886/whats-new-in-6-4-0#Lookup
Here is an example of its use:
1) Create a lookup table with SourceIP and User as the values. Make the SourceIP field the key.
2) Populate the table using a scheduled report - report on the clearpass logs with user and IP mapped to the lookup table values. It should look like this
3) Add a filter as needed to Analytics. In this example we are saying, "Only show logs where the Source IP is in the Lookup Table AND the User in the Lookup Table is not 'N/A'"
4) The we use the Display Fields to Looup the Source IP and display the User
Let us know how you get on.
Thanks
Use the concept of lookup table in 6.4.0.
Store clear path for authentication in a lookup table with IP as key.
Created on
02-18-2022
04:28 AM
Edited on
12-04-2022
11:41 PM
By
apiMigrationUse
Hi Sadek,
We have posted a more in-depth blog post on this topic
https://community.fortinet.com/t5/FortiSIEM-Discussions/join-events-from-two-log-sources-together-in...
Thanks
Dan
------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Feb 08, 2022 02:18 PM
From: Sadek Abdelnasser
Subject: join events from two log sources together in search
we have fortigate and clear path for authentication of our wireless network, so we could get the username and his assigned ip from clear pass logs , and we can see that ip traffic and activities from firewall logs , How i can combine data from these two log source in one table , like i want to search for authentication activity for some users from clear pass then pass their ip to another search to get their activity from firewall logs and view that in one table ( show username, ip , destination he went to through firewall ) , is that possible ?
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.