FortiSIEM Creating Custom Parsers and Monitors for Devices

Leave a reply

Creating Custom Parsers and Monitors for Devices

Creating a custom parser for device logs involves writing an XML specification for the parser, and then using a test event to make sure the logs are parsed correctly. Creating a custom monitor involves defining a performance object that you want to monitor, associating that performance object to a device type, event type, and event attribute type, and then testing to make sure that the monitored metrics are correctly received by FortiSIEM. You can create custom monitors for system and application performance, command outputs, and file monitoring.

Creating a Custom Multi-Line SSH Command Output Monitor

Creating a Custom WINEXE Command Output Monitor

Custom File Monitor

Agent-less File-Integrity Monitoring

Agent-less Target File Monitoring Custom Configuration Change Monitoring

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.