Hi Tony,
The best way to handle this is to capture the field into a
temporary variable and then only set it to a permanent variable if the
value is a desired value.
\]\s+\[\]:<_body:gPatMesgBody>]]>
Crowdstrike-FDR-Generic
$_allocateVirtualMe...
Hi John,
I just ran through this on a 6.3.0 and it seems to be working
perfectly.
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout /etc/pki/tls/private/tls-collector1.key -out /etc/pki/tls/certs/tls-collector1.crt
chmod 640 /etc/pki/tl...
Hi Kevin,
You are correct, technically this operation could be completed
in the parser by way of the collectAndSetAttrFromAnotherEvent
function.
Example from IronportMailParser
$AnotherEvent.receiverMailAddr
In your case, you would want to retriev...
Hi Alex,
There are multiple ways to purge log data from FortiSIEM.
To perform this within the GUI, simply go to Admin/Settings/Retention
Policy
From there, you can create policies to purge events by customer
org.
------------------------------
Ken
--------...
Hi Kevin,
I would urge you to contact FortiSIEM Support for more
information on this. I am not 100% sure, but I suspect that this isn't
supported at the moment. Once Support becomes aware of this, they can
file a feature request on your
behalf.
Thanks!...