Hi, I am getting MSSQL audit logs with Agent on the Windows machine
where Microsoft SQL Server is located. Here I want to parse important
information in the log such as Statement (Insert, Select, Create,
Alter), DB Name etc. The logs coming to SIEM ...
Hi guys, in an environment with 7.1.5 Enterprise, the incident continues
to trigger after disabling some rules. Have we hit a bug before? Has
anyone encountered this situation before?
Hi guys, I am using a Windows agent with 7.1.0 Agent, some fields in the
incoming log are not parsed and some fields in the incidents in the
default rules it hits are empty. Normally, I think there should not be
such a situation in the default parser...
Hi guys, we have an environment with about 200 Windows machines where
Windows agent is installed, but in some environments there is 7.1.0.9
while in some environments there is 7.2.0.115 version. In environments
with 7.2.0.115, Windows parsers did not...
I use Cloud EDR so we have the latest version. Windows version is 11.
The agent version installed on Windows is 5.2.2. After the last
mandatory Windows upgrade I get an OS not supporting error, so it is
degraded. I can't see a more updated package, i...
I have the same problem. The problem I see is that when OPManager sends
the logs inside, SIEM interprets it as coming from the IPs it sees by
looking inside the log. Can you test this? We could not get our own log.
@cdurkin_FTNT I am using Application/Sqlserver in Windows Agent Event
Type.
2025-01-06T08:53:39Z ANONYMIZED.host 192.168.0.1
FSM-WUA-WinLog-Application [phCustId]="0" [customer]="Anonymous"
[monitorStatus]="Success" [Locale]="en-US"
[MachineGuid]="000...