How to import MISP data threat feeds into FortiSIEM
Note: requires "jq" to be installed on the Supervisor node.
wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
chmod +x ./jq
cp jq /usr/bin
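The post above only shows installing jq on the Supervisor; the step it is needed for is pulling indicators out of MISP's event JSON before handing them to FortiSIEM. The following is an added illustration, not code from the post or from Fortinet: it builds a constructed MISP-style event inline (an "Event" object with an "Attribute" list, as in MISP's JSON export), keeps only the attribute types you want, honours the MISP "to_ids" flag, de-duplicates, and emits a plain two-column CSV. The two-column CSV layout is an assumption for illustration; the FortiSIEM import format is not given in the post. The jq expression in the comment is the equivalent filter you would run on the Supervisor.

```python
import csv
import io
import json

# Constructed sample of a MISP event export (not a real feed). The layout follows
# the MISP event JSON format: {"Event": {"Attribute": [{"type", "value", "to_ids"}, ...]}}.
SAMPLE_MISP_EVENT = json.dumps({
    "Event": {
        "info": "constructed sample event",
        "Attribute": [
            {"type": "ip-dst", "value": "198.51.100.23", "to_ids": True},
            {"type": "domain", "value": "bad.example", "to_ids": True},
            {"type": "ip-src", "value": "203.0.113.9", "to_ids": False},   # not flagged for IDS use
            {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": True},
            {"type": "ip-dst", "value": "198.51.100.23", "to_ids": True},  # duplicate of the first
        ],
    }
})

# Equivalent jq filter for the same selection on the Supervisor (assumed usage, not from the post):
#   jq -r '.Event.Attribute[] | select(.to_ids) | select(.type=="ip-dst" or .type=="domain") | .value' event.json


def extract_indicators(event_json, wanted_types=("ip-dst", "ip-src", "domain"), ids_only=True):
    """Return unique (type, value) pairs from a MISP event JSON string.

    wanted_types: attribute types to keep (hash types are dropped by default).
    ids_only:     when True, keep only attributes MISP marks with to_ids=true,
                  i.e. the ones the sharing community considers safe to block/alert on.
    Order of first appearance is preserved so the output is stable across runs.
    """
    event = json.loads(event_json)["Event"]
    seen = set()
    rows = []
    for attr in event.get("Attribute", []):
        if attr.get("type") not in wanted_types:
            continue
        if ids_only and not attr.get("to_ids", False):
            continue
        key = (attr["type"], attr["value"])
        if key in seen:
            continue
        seen.add(key)
        rows.append(key)
    return rows


def to_csv(rows):
    """Render (type, value) pairs as a header-led CSV string (assumed import layout)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["type", "value"])
    for ind_type, value in rows:
        writer.writerow([ind_type, value])
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(extract_indicators(SAMPLE_MISP_EVENT)))
```

Keeping the to_ids filter on by default matters: MISP events routinely carry context attributes (internal IPs, analyst notes, low-confidence observables) that would generate noise or false positives if loaded wholesale into a SIEM watch list.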
You could use an Advanced Search (SQL) to do this, as long as your event
database is ClickHouse. If you want to use a rule, make sure the SQL
display columns do not contain spaces.
If you are using ClickHouse as the Event Database, this is easily
performed via a SQL Query. Out of the box there is a query named "Existing
Devices not reporting today", and the modified query below should be
good for 5 hours, assuming that the device ...
Was TAC successful in helping here? I'd suggest providing a sample
unparsed event, and look within the sample for the "EventRecordID". Then
on the Windows Device reporting the data, filter for the same
EventRecordID and provide a copy of the XML Vie...
Lukas, this version references every device in the CMDB via a lookup
table. # CMDB Report 1) Create a CMDB Report to return all Devices in the
CMDB. For Step 2: Notice how optionally you can filter Device IPs you do
not want to include (or reference the ...