How to import MISP data threat feeds into FortiSIEM
Note: requires "jq" to be installed on the Supervisor node.
wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
chmod +x ./jq
cp jq /usr/bin
Sounds like you need to use DNS to resolve this. In the template
association, use the "Virtual Collectors" option to give out a FQDN for
the collector, which for remote sites resolves to the required address.
Thanks ... So I think you have an incompatibility issue here... I'd suggest
you create a TAC case for this one.
https://docs.fortinet.com/document/fortisiem/7.1.6/fortisiem-version-compatibility-matrix/615062/fortisiem-version-compatibility-for-rocky-lin...
Just update this line... \.\s+<_body2:gPatMesgBody>]]>
And choose an appropriate attribute to extract the session count into...
(I used DB Session Count in the example above)