Dear Team, Based on the article "Ingesting JSON Formatted Events Received
via HTTP(S) POST", I attempted to import logs from my DHCP Server (note:
these are actual log files, not real-time logs sent by the DHCP Server).
However, I encountered several ...
Hi Team, Regarding the disconnection situation between the Collector and
the Supervisor, do we have a method to check how many logs are stored in
the Collector, thereby ensuring that the Collector will send these logs
to the Supervisor after reconnect...
Dear Team, As we know, FortiSIEM started supporting VisionOne logs from
version 7.1.1. Who knows what kind of correlated alerts will be generated
when FortiSIEM receives logs from VisionOne? (Alerts that would not
appear on the VisionOne platform) After...
Hi Team, I currently have a FortiSIEM version 7.0.2, but I can’t find
any official documentation stating that it supports log collection for
TrendMicro VisionOne. However, I can see from the FortiSIEM External
Systems Configuration Guide (7.1.1) that...
Dear Team, Version: FortiSIEM 7.0.2 (Supervisor &
Collector) Description: 1. I have an environment here where the NTP was
originally set up and functioning correctly. However, I've noticed a
strange situation where my calibration has gone wrong, and I'...
Dear cdurkin, a) Where in the list (there is an order) did you place the
new (BlueCat) parser? I don’t quite understand what you mean. Basically, I
created the parser according to the article “Ingesting JSON Formatted
Events Received via HTTP(S) POST”.…...
I encountered a strange phenomenon in my environment. I tried using the
default parser to run a test, such as the default
CiscoUmbrellaJSONParser, but it resulted in an error. Normally, the
default parser should pass the test, right?
Dear cdurkin, I copied and pasted the content you provided into my
FortiSIEM environment. Although the parser validation passed, the test
did not. I directly copied the log from the “Test Event” section of your
content into the test field.In this rega...
Dear Rob, I greatly appreciate your professional assistance, which has
provided me with very useful information. I am making progress towards
my goal step by step (normalizing this DHCP JSON log and displaying
relevant information through the Dashboar...
Dear Rob, You’re correct in your understanding, the log example is indeed
from BlueCat.I have successfully sent logs to FortiSIEM via "HTTP" using
curl without the need for account and password information. This process
involves adding a whitelist to ...