How to import MISP data threat feeds in to FortiSIEM

Note: requires "jq" to be installed on the Supervisor node.

wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
chmod +x ./jq
cp jq /usr/bin
So I believe with that version of FortiSIEM, your event would be matching
the WinOSWmiParser. If you are comfortable editing parsers, you can add
this extra statement below to the xml that is processing the
18456 eventId:
'\..*?\[CLIENT: <_srcId:gPat...
If you need to split the message into multiple messages you can look
into the "splitJsonEvent" function.
https://help.fortinet.com/fsiem/6-6-4/Online-Help/HTML5_Help/paser-inbuilt-functions.htm#Split
Look at the "BitdefenderGravityZoneParser" for an ...
Try this for starters. It's a partial shell for the one log message
(which was not a full log). Look up the FortiSIEM Parser Training on
https://training.fortinet.com/ for some reference material.