As we're expanding the use of our FortiSIEM, we've realized that not all logs are normalized properly, completely, or in some cases at all. As we're fairly new to FortiSIEM, we're trying to figure out how to approach this: whether we need to create our own normalization packages, whether we can request them from Fortinet, or whether there are vendor-specific packages that can be requested or downloaded somewhere.
If we need to create our own, are there tools, or do we copy an existing package and start working out what's what in the log we want to normalize?
Hello Mike,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Mike,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Here's some info on how to create your own parsers: https://help.fortinet.com/fsiem/6-7-4/Online-Help/HTML5_Help/Configuring_parsers.htm
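An added illustration, not from the forum answer and not Fortinet's parser format, of what a custom parser has to do and how to measure the gap the question describes: a recognizer decides whether a parser applies to a raw event, an extractor pulls named fields out into normalized attributes, and each event is then classified as completely, partially, or not normalized. It is plain Python rather than FortiSIEM's XML parser definitions; the sample events, parser names, event types, and attribute names are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample raw events (not real device output).
SAMPLE_EVENTS = [
    "May 01 12:00:01 fw1 kernel: DROP IN=eth0 SRC=10.1.1.5 DST=203.0.113.9 PROTO=TCP DPT=443",
    "May 01 12:00:02 web1 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 5522 ssh2",
    "May 01 12:00:03 web1 sshd[2211]: Accepted publickey for alice from 192.0.2.4 port 40112 ssh2",
    "May 01 12:00:04 app3 custom-app: something completely different happened",
    "May 01 12:00:05 fw1 kernel: DROP IN=eth0 SRC=10.1.1.6 DST=203.0.113.9 PROTO=ICMP",
]


@dataclass
class Parser:
    """One parser = recognizer (does it apply?) + extractor (named groups -> attributes)."""
    name: str
    recognizer: re.Pattern      # cheap test that this parser is the right one for the event
    extractor: re.Pattern       # named groups become normalized attribute names
    event_type: str             # constructed label, not a FortiSIEM event type
    required: tuple             # attributes that must be present for a "complete" parse


# Illustrative parsers; attribute names are constructed, not a vendor schema.
PARSERS = [
    Parser(
        "iptables_drop",
        re.compile(r"kernel: DROP "),
        re.compile(r"SRC=(?P<srcIpAddr>\S+) DST=(?P<destIpAddr>\S+) PROTO=(?P<ipProto>\S+)"
                   r"(?: DPT=(?P<destIpPort>\d+))?"),
        "Firewall-Deny",
        ("srcIpAddr", "destIpAddr", "ipProto", "destIpPort"),
    ),
    Parser(
        "sshd_auth",
        re.compile(r"sshd\[\d+\]: (Failed|Accepted) "),
        re.compile(r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
                   r"from (?P<srcIpAddr>\S+) port (?P<srcIpPort>\d+)"),
        "SSH-Auth",
        ("outcome", "user", "srcIpAddr", "srcIpPort"),
    ),
]


def normalize(raw: str) -> dict:
    """Run the first applicable parser and report how complete the result is.

    status is 'complete' (all required attributes present), 'partial' (the parser
    applied but some required attribute is missing) or 'unparsed' (no parser applied
    or the extractor did not match).
    """
    for p in PARSERS:
        if not p.recognizer.search(raw):
            continue
        m = p.extractor.search(raw)
        attrs = {k: v for k, v in (m.groupdict().items() if m else []) if v is not None}
        missing = [a for a in p.required if a not in attrs]
        status = "unparsed" if m is None else ("partial" if missing else "complete")
        return {"parser": p.name, "eventType": p.event_type, "status": status,
                "missing": missing, "attrs": attrs, "raw": raw}
    return {"parser": None, "eventType": None, "status": "unparsed",
            "missing": [], "attrs": {}, "raw": raw}


def coverage_report(events) -> dict:
    """Count events per normalization status: the 'not at all / not completely' gap."""
    counts = {"complete": 0, "partial": 0, "unparsed": 0}
    for raw in events:
        counts[normalize(raw)["status"]] += 1
    return counts


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        r = normalize(raw)
        print(f"{r['status']:9} {r['parser'] or '-':14} missing={r['missing']} {r['attrs']}")
    print(coverage_report(SAMPLE_EVENTS))
```

The useful part for the question is the three-way status: the "partial" bucket (here the ICMP drop with no destination port) is what shows up as logs normalized "not completely", and the "unparsed" bucket lists exactly the sources that still need a parser. Running a report like this over a representative sample before writing parsers tells you which existing parser to copy and extend versus which devices have nothing matching them at all.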