If you want to create a new event type for a specific log, such as MFA,
you can use the following when condition:Then, update the eventType using
combineMsgId:combineMsgId("MS_OFFICE365_EntraID_XXX_",
$status)Make sure to replace XXX with a relevant
...
Hi @KarlH,Once the attrKeyMap is added, it will move the outcome of
RequestType into the loginType event attribute. Later, you can add a
rule to monitor the loginType event attribute and generate an incident.
Hi @Tiger To forward OCI Firewall traffic logs to FortiSIEM, :Enable
Logging in OCI:Navigate to the OCI Console, enable the Logging Service,
and locate the Service Logs section. Look for Network Firewall Logs and
ensure logging is enabled.Refer to th...