How to import MISP data threat feeds into FortiSIEM
Note: requires "jq" to be installed on the Supervisor node.
wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
chmod +x ./jq
cp jq /usr/bin
If you need to split the message into multiple messages you can look
into the "splitJsonEvent" function.
https://help.fortinet.com/fsiem/6-6-4/Online-Help/HTML5_Help/paser-inbuilt-functions.htm#Split
Look at the "BitdefenderGravityZoneParser" for an ...
Try this ... for starters .. it's a partial shell for the one log message
(which was not a full log). Look up the FortiSIEM Parser Training on
https://training.fortinet.com/ for some reference material.
2 questions to answer here.
a) Where in the list (there is an order) did you place the new (BlueCat) parser?
b) The error you are reporting looks like you have two parsers enabled that match the test message, i.e. it was trying to match the parser you ...