Hi everyone. Just wrote a (rather rudimentary) Ansible playbook to
automatically fix the log4j configuration issues shipped with FortiSIEM
6.3.x. Please find it attached. Regards, Simon. Copyright (c) 2021 Simon
Monai | Sidarion AG Permission is hereby gra...

Hi everyone. I just enabled the LDAPS authentication on the FortiSIEM and
it works fine. The only thing that I'm not yet completely happy about is
that I can not enable "Check Certificate", as the certificate check seems
to fail. I do have a local certifi...

Hi Ali, I actually was surprised to not find Rocky Linux in the list of
officially tested OSes for the FortiSIEM Linux Agent (for 7.1.6 see Docs
> FortiSIEM 7.1.6 > Linux Agent Installation Guide), as the SIEM itself
is now running on Rocky Linux itsel...

Hi, the FortiSIEM does not rely on the Agent to open an RDP session; it's
completely independent. You need to enable RDP on the endpoint (please
don't disable but reconfigure the Windows Firewall) and activate RDP, then
it should work. You need credentials...

Hi, I observed as well that the logs from devices that are "pending" are
being accepted (on 6.7 until at least 7.0). I assume that the rules do
not care at all if the source device of the log is pending or accepted
to trigger, so I'm almost certain th...

Hi, it's noted in the upgrade guide, e.g.
here: https://docs.fortinet.com/document/fortimanager/7.2.0/upgrade-guide/833804/creating-a-snapshot-of-vm-instances
Regards

Hi Ali, I once did that a long time ago with Splunk; if I remember
correctly, there we used the Session ID to match the logs of a WAF to the
original IPs masked by the FortiGate in front of
it. Regards, Simon -------------------------------------------Origin...