Hi Adem, for any custom logs we can build parsers in FortiSIEM; you just
need a distinct header format for the log to make it distinguishable from
other logs. If the data first hits logstash, then you have full control
to modify how the data appears. T...
Hi Karl and Team, Just as a heads up, we already have a nice field name
to map for this called "requestType (display name: Request Type)". In
the corrected system parser we will use this attribute if you would like
to update yours to match. Thanks,
When you see this error, it means that for the given test log we "expected"
it to use the parser we are testing, but in fact it did not match this
parser, or any other parser. This indicates that the regex does not match
the header of this log. I can c...
Hi Karl, the attached example parser worked for the full sample log you
provided. The important part of this parser is this section:

replaceStringByRegex($msg, ":\s*\"\[\\", ":")
replaceStringByRegex($msg, "\\\"\]\",", "\",")

Remember that each of t...
Btw, for this, event attributes must be defined in FortiSIEM first.
accountId is defined, but it is case sensitive; accountid will result in
an error. If you defined a custom FortiSIEM event attribute in FortiSIEM
(programmatic name "morphisecAttackM...