How to import MISP data threat feeds in to FortiSIEM

Note: requires "jq" to be installed on the Supervisor node.

    wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
    chmod +x ./jq
    cp jq /usr/bin
Not sure I completely understand the question ... but if it is "can IP
ranges be defined", then yes: single IP, IP-IP, etc.
192.168.2.10, 172.16.10.28,
192.168.0.10-192.168.0.404
You could look into the API if you have knowledge of scripting
https://docs.fortinet.com/document/fortisiem/6.7.5/integration-api-guide/435603/create-or-update-credentials
Absolutely, your method for these kinds of logs is correct... You would
just create as many case statements as needed. In some cases you might
set two or more cases to the same eventType as
below. PasswordState-Login-SuccessPasswordState-Login-SuccessPa...