Hi,
We are using FortiSIEM version 4.10. I have the Full-admin role. Now there are two issues. First, after running a Real-time search and inspecting the Event details, I see the raw log and the user within it. I see the user is parsed correctly because that user appears in the lines below, but when I check the display bar there, the user column is empty. Logs come from various devices. Is it somehow possible to see these correctly parsed users displayed in incidents, reports, columns?
Second, when I create and run a Report, the Users column and Raw message are empty. For Raw message in reports, I read this is possible if Data Obfuscation is disabled for the user/role, but this option is not available in version 4.10, or at least I didn't find it either in the guide or in the place where it is in 5.2.1. Is there some workaround, or is upgrading the only solution?
Thanks.
Hi,
If the User is parsed from the raw event and when looking at the event (Raw log + Attributes) you see the User then you should definitely see the User in the Analytics view.
Data Obfuscation is not in 4.10, so that would not be the issue.
Are you able to provide any screenshots of the Analytics settings... the display columns and the filter conditions?
I would suggest opening a support case or consider upgrading to 5.2.1.
Thanks
Copyright 2024 Fortinet, Inc. All Rights Reserved.