Re: Default Enabled Parsers

sioannou · 04-10-2024

Hi all, Just picking the brains of the community to see if someone has found a better solution to the problem below: Problem: Receipt of a JSON log which contains an array of critical information. Like the one below.{ "id": 909999, "cstName": "test1"...

sioannou · 02-28-2024

Hi all, Just wanted to check with the community who is using version 7.1.x and what are your views on the new GUI and the impact on internal process for SOCs and analyst time (Incident to Analysis to Closure). FortiSIEM Thanks, Sotiris

sioannou · 11-16-2023

Hi all, Just checking if someone is aware of a method for debugging SIEM rules when they trigger. We have been through the testing, replay logs in a controlled environment and testing variations of the matching conditions but in production we still s...

sioannou · 07-15-2022

Hi all, Does anyone know if it is possible to import a SOAR connector into a Code Snippet step for utilisation? An example of this would be the import of "Utilities" step to perform API queries. Thanks,Sotiris

sioannou · 04-07-2022

Hi all, We have a deployment of FortiAuthenticator where we use it as our SAML IDP for all services and platforms, including portal and various FortiNet products. We are using the self-registration portal of FortiAuthenticators for user self-registra...

sioannou · 04-15-2024

Hi @bhinangt , I think the Cluster configuration setting overwrites the configuration of the Agent. I would suggest opening a TAC ticket for the team to provide guidance on the matter. What you are describing above is not the expected behaviour of th...

sioannou · 04-15-2024

Hi, You need to unistall the agent and install it again with the correct information. Also please note if you have Admin->Settings->System->Cluster Config for the supervisor then I think it ovewrites the configuration of the agent. This needs to be t...

sioannou · 04-14-2024

Hi @bhinangt , Make sure during the installation the Supervisor IP/DNS is set as the collector IP or DNS name of the collector (if there is one). If you have the collector set correctly as a proxy then all the communication needs to flow via the coll...

sioannou · 04-14-2024

Hi @MBerube , I spend some time debugging the function to understand what is going on. So here is what I have learn. The collectAndSetAttrByJsonArray has the following format: src=the Array you want to parse into the function. In the example I gave ...

sioannou · 04-10-2024

Hi @adem_netsys ,You are on the right path, without the actual log (with parsed information), there isn't match guidance to provide on the matter. As a note on the first image you provided you can utilise a composite Filter with NOT CONTAIN function ...

User Statistics

User Activity

JSON Log Parsing

New FortiSIEM Interface Version 7.1.x

Debugging Rules on FortiSIEM

FortiSOAR Code Snippet Connector Import

FortiAuthenticator Self-Service Portal and SAML

Re: failed to register this agent computer with " fortiSIEM super "

Re: failed to register this agent computer with " fortiSIEM super "

Re: failed to register this agent computer with " fortiSIEM super "

Re: JSON Log Parsing

Re: SIEM: Exception Definition

Re: Default Enabled Parsers

Re: FortiSIEM: Moving database to another instance

Re: FortiAuthenticator SAML for FortiSIEM

JSON Log Parsing

Re: Would like to know the process to shutdown and...

Re: Would like to know the process to shutdown and...

Re: FortiSIEM alerts classification

Re: [FortiSIEM]Process of Log Capture and Rule Cre...

Re: Default Enabled Parsers

Re: FortiSIEM: Moving database to another instance

FortiSIEM

FortiSOAR