Hello everyone, While going through CrowdStrike events I noticed that
FortiSIEM is missing all timestamps from all CrowdStrike parsers:
"FalconDataRepParser", "FalconStreamingParser", and
"CrowdStrikeFalconParser". This is a sample of one of the events...
Hello there, We are getting events from CrowdStrike into FortiSIEM and not
many fields are being parsed. I am working on adding the additional
fields but I would like to hide them when fields = '0'. Because so many fields
are coming over it doesn't make sense ...
Hello there, I am currently on version 6.1.1 and noticed that
"CiscoFTDParser" is not parsing all the fields. A little of everything is
happening: 1- For some events the "Computer" field is being assigned to the
"user" field. 2- Multiple fields are missing, suc...
Thank you so much Ken, I appreciate it a lot! This is great, it works
for me! CrowdStrike Falcon Data Replicator contains over 200 events and
each event has approximately 83 fields. There are a lot of "Count" fields
so a lot of them are = '0'. See below s...
I have attempted to upgrade multiple times already to version 6.4 from
6.3.3. Is there any known bug? A ticket was created with Support -
5743278. No update so far. Thanks
-------------------------------------------
Original Message: Sent: Jan 26, 2022 09:46...
The link is asking for credentials; I am not able to access it even
though I have access to the Support portal and am registered in the
community.
-------------------------------------------
Original Message: Sent: Dec 13, 2021 10:12 AM From: Daniel HanmanS...
Thanks Karn, it worked for me. See below a portion of the parser code
for anyone who may be in the same situation.
> User
<> IP <> IPv4 Address
<>]]>replaceStringByRegex($user, "\s", ".")
> User
<.> IP
<> IPv4 Address
<>]]>
-------------------...
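As an added example (not code from this thread, from FortiSIEM, or from CrowdStrike), here is a small Python normalizer for one CrowdStrike FDR record that covers the three things the posts above deal with: turning the epoch timestamps into ISO-8601 strings, dropping the "Count" fields that are 0, and applying the same whitespace-to-dot replacement on the user name that the FTD parser excerpt does with replaceStringByRegex($user, "\s", "."). The field names, the assumption that `timestamp` is epoch milliseconds and `ContextTimeStamp` epoch seconds, and the sample event itself are all assumptions made for the example; check them against your own FDR output before relying on them.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample event in the shape of a CrowdStrike FDR record. The field
# names follow FDR conventions as far as I know them, but every value is made
# up for this example; nothing here is captured data.
SAMPLE_EVENT = json.dumps({
    "event_simpleName": "ProcessRollup2",
    "timestamp": 1643201160000,            # assumed: epoch milliseconds
    "ContextTimeStamp": "1643201160.123",  # assumed: epoch seconds as a string
    "ComputerName": "WS-0421",
    "UserName": "jane doe",
    "ProcessCount": "0",                   # zero-valued Count field: dropped
    "ChildProcessCount": 2,                # non-zero Count field: kept
    "CommandLine": "cmd.exe /c whoami",
})


def epoch_to_iso(value, unit="ms"):
    """Convert an epoch timestamp (number or numeric string, in ms or s) to
    an ISO-8601 UTC string with millisecond precision."""
    seconds = float(value) / (1000.0 if unit == "ms" else 1.0)
    stamp = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def is_zero_count(name, value):
    """True for *Count fields whose value is 0 or "0". Those carry no
    information and are the bulk of the noise in an 83-field FDR event."""
    if not name.endswith("Count"):
        return False
    try:
        return float(value) == 0.0
    except (TypeError, ValueError):
        return False


def normalize_fdr_event(raw_json):
    """Parse one FDR JSON record, drop zero-valued Count fields, add readable
    timestamps and a dotted user name. Returns a plain dict."""
    event = json.loads(raw_json)
    out = {name: value for name, value in event.items()
           if not is_zero_count(name, value)}
    if "timestamp" in out:
        out["eventTime"] = epoch_to_iso(out["timestamp"], unit="ms")
    if "ContextTimeStamp" in out:
        out["contextTime"] = epoch_to_iso(out["ContextTimeStamp"], unit="s")
    # Same transformation as replaceStringByRegex($user, "\s", ".") in the
    # FortiSIEM parser excerpt: whitespace inside the user name becomes dots.
    if "UserName" in out:
        out["user"] = re.sub(r"\s", ".", out["UserName"])
    return out


if __name__ == "__main__":
    print(json.dumps(normalize_fdr_event(SAMPLE_EVENT), indent=2))
```

Running it on the sample prints the event without `ProcessCount`, with `eventTime` set to `2022-01-26T12:46:00.000Z`, and with `user` set to `jane.doe`. The Count filter is deliberately limited to fields whose name ends in "Count": a bare "drop everything that is 0" rule would also discard legitimate zero values such as exit codes or boolean flags.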
Karn, All missing events were added to the parser and now we are parsing
most of the events. I noticed that for some event types, for example
"%FTD-4-722041" and many others, the "User" field contains "User Name" or
"Computer Name". See below an examp...