Hello everyone, I would like to ask for assistance regarding a
Passwordstate parser. Has anyone already worked on it? One of the major
challenges I am having is the lack of Passwordstate syslog documentation.
I have only been able to find this page that ...
Hello everyone, While going through Crowdstrike events I noticed that
FortiSIEM is missing all Time Stamps from all Crowdstrike parsers:
"FalconDataRepParser", "FalconStreamingParser", and
"CrowdStrikeFalconParser". This is a sample of one of the event...
Hello there, We are getting events from Crowdstrike into FortiSIEM and not
many fields are being parsed. I am working on adding the additional
fields but I would like to hide when fields ='0'. Because so many fields
are coming over it doesn't make sense ...
Hello there, The following rules were created and adapted from an Exabeam
query. See original post below.
https://community.exabeam.com/s/article/Detecting-CVE-2021-44228-Log4j2-using-Exabeam
Event type != FortiGate-ips-signature-51006 [we do not want to...
Hello there, I am currently on version 6.1.1 and noticed that
"CiscoFTDParser" is not parsing all the fields. A little of everything is
happening: 1- For some events the "Computer" field is being assigned to
"user" field. 2- Multiple fields are missing suc...
I am having the same issue where 'phAnomalyWorker' is 'down' in two
workers after an upgrade. The worker was rebooted two times and
phAnomalyWorker is still down.
Thank you so much Ken, I appreciate it a lot! This is great, it works
for me! Crowdstrike Falcon Data Replicator contains over 200 events and
each event has approximately 83 fields. There are a lot of "Count" fields
so a lot of them are ='0'. See below s...
I attempted to upgrade multiple times already to version 6.4 from
6.3.3. Is there any known bug? A ticket was created with Support -
5743278. No update so far. Thanks
Thanks Karn, it worked for me. See below a portion of the parser code
for anyone who may be in this situation. \> User
\<\> IP \<\> IPv4 Address
\<\>]]>replaceStringByRegex($user, "\s",
".")\> User
\<.\> IP
\<\> IPv4 Address
\<\>]]>