Hi, Recently we received multiple logs from a FortiGate appliance that
are related to the "diag log test" command, like the one below:
date=2024-05-10 time=17:33:16 devname="firewall" devid="ID" eventtime=
tz="" logid="0419016384" type="utm" subtype="i...
Hi all, Just picking the brains of the community to see if someone has
found a better solution to the problem below: Problem: Receipt of a JSON
log which contains an array of critical information, like the one
below. { "id": 909999, "cstName": "test1"...
Hi all, Just wanted to check with the community who is using version
7.1.x and what your views are on the new GUI and its impact on internal
process for SOCs and analyst time (Incident to Analysis to Closure).
FortiSIEM Thanks, Sotiris
Hi all, Just checking if someone is aware of a method for debugging SIEM
rules when they trigger. We have been through the testing, replay logs
in a controlled environment and testing variations of the matching
conditions but in production we still s...
Hi all, Does anyone know if it is possible to import a SOAR connector
into a Code Snippet step for utilisation? An example of this would be
the import of the "Utilities" step to perform API queries. Thanks, Sotiris
Hi @AlexC-FTNT, Thank you for your response. Is there a reference
somewhere for the test_attack? We couldn't track anything in the
documentation or FortiGuard websites in the logs. Thanks, S
Hi @Bruce7x2, Please see below: 1) Yes, you can use tcpdump to
check port 443 (Agent logs) and 514 (Device Logs). Also the information
is stored in the location /opt/phoenix/cache/parser/events 2) Yes, the
logs will be transferred to the superv...
Hi @bhinangt, I think the Cluster configuration setting overwrites the
configuration of the Agent. I would suggest opening a TAC ticket for the
team to provide guidance on the matter. What you are describing above is
not the expected behaviour of th...
Hi, You need to uninstall the agent and install it again with the correct
information. Also please note, if you have
Admin->Settings->System->Cluster Config set for the supervisor, then I think
it overwrites the configuration of the agent. This needs to be t...
Hi @bhinangt, Make sure during the installation the Supervisor IP/DNS
is set to the collector IP or DNS name of the collector (if there is
one). If you have the collector set correctly as a proxy, then all the
communication needs to flow via the coll...