Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mbenvenuti
Staff
Staff

Created on ‎02-28-2025 07:42 AM

Article Id 379593

Technical Tip: How to start creating a customized parser

Description This article describes how to start creating a customized parser.
Scope FortiSIEM.
Solution

When it is required to create a new parser, it is a good practice to start from an existing parser with the below steps :

  • Go to the Admin -> Device support -> Parsers.
  • Disable the original system parser.
  • Clone and edit the cloned parser.
  • Add the required custom lines.
  • Validate.
  • Test using the sample provided.
  • Enable and apply this parser in GUI.
Labels:
390
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.