User Profile
Artham_Harish
Copper Contributor
Joined 2 years ago
Recent Discussions
Pulse Secure VPN Syslog log attributes
Hello Team,
We are new to Sentinel, and we have integrated Pulse Secure VPN logs into our Sentinel through Syslog, and we see some logs coming in. We would like to know the below:
1) We are seeing very minimal attributes in the logs; please refer to the screenshot below. How do we enable additional attributes?
2) We are trying to see if we have the most common rules enabled, like multiple logon failures, etc., which we do not see anywhere. Is there a way to enable those rules or download them, or a website which helps us to write the rules?
3) We are using FortiSIEM as our SIEM; is there a way we can translate the rules from FortiSIEM to Sentinel's KQL language? Any third-party software which transforms XML format to KQL queries without errors? We are ready to buy. Also, is there any consulting team who can help us?
4) We have also set up a Linux server and installed AMA on it to send Syslog to Sentinel.
Thank you.
1.1K Views · 0 likes · 1 Comment

How to split the Fortinet firewall logs into two different tables
We are collecting Fortinet firewall logs via the CEF connector via AMA. We have duplicated the CommonSecurityLog table into an Analytics table and a Basic table, and also created the DCR, but we are unsure what filter needs to be applied in the transform KQL to move the data to which table. Which are the essential columns that need to be moved to the Analytics table, and what should be moved to the Basic table?
JairusOSI · 1K Views · 0 likes · 3 Comments
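The first discussion above asks for a "multiple logon failures" rule for Pulse Secure events arriving through Syslog. The query below is an added example, not part of either post and not a Microsoft or Pulse Secure template; it is the shape of a Sentinel scheduled analytics rule query over the built-in Syslog table. The message text "Login failed" and the regular expressions that pull the user name and client IP out of SyslogMessage are assumptions about the appliance's log format, as are the 1h lookback and the threshold of 5; confirm them against a real failed-logon event in the workspace before enabling the rule.

```kql
// Added example (not from the thread): repeated logon failures in Pulse Secure
// Syslog events. The "Login failed" text and both extract() patterns are
// ASSUMPTIONS about the log format; check a real event and adjust them.
let lookback = 1h;      // how far back each scheduled run looks (assumed)
let threshold = 5;      // failures per user/host before alerting (assumed)
Syslog
| where TimeGenerated > ago(lookback)
| where SyslogMessage has "Login failed"                                // assumed message text
| extend User = extract(@"user\s+'?([^'\s,]+)", 1, SyslogMessage)       // assumed field layout
| extend SourceIp = extract(@"\b(\d{1,3}(?:\.\d{1,3}){3})\b", 1, SyslogMessage)
| where isnotempty(User)
| summarize FailureCount = count(),
            StartTime = min(TimeGenerated),
            EndTime = max(TimeGenerated),
            SourceIps = make_set(SourceIp, 10)
          by User, HostName
| where FailureCount >= threshold
| project StartTime, EndTime, HostName, User, FailureCount, SourceIps
```

Run the query in Logs first with the threshold set to 1 to confirm the extract() patterns actually populate User and SourceIp on live data; an empty User column means the regex does not match the appliance's format and the summarize step will silently drop every event. Once it returns the expected rows, create a scheduled rule with the same lookback as the run frequency so failures are not counted twice across runs. The same Syslog table is what the post's item 1) is looking at: the columns it shows (HostName, Facility, SeverityLevel, SyslogMessage, ProcessName) are fixed, and any additional attributes have to be parsed out of SyslogMessage as above or added on the appliance side.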
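For the second discussion, the routing into two tables is done in the DCR's dataFlows rather than in a single transform: each dataFlow reads the same "Microsoft-CommonSecurityLog" stream, applies its own transformKql filter, and names a different outputStream. The fragment below is an added illustration, not the thread's DCR and not a Microsoft template. It assumes the DCR already has a syslog data source for the CEF stream (the facility and log-level wildcards are placeholders), that the Basic-plan custom table has already been created as CommonSecurityLog_Basic_CL with column names matching CommonSecurityLog (the post says the table was duplicated), and that "accepted traffic goes to Basic, everything else goes to Analytics" is the split wanted; that choice, and the list of columns kept for the Basic table, are assumptions to adjust, not a statement of which columns are essential.

```json
{
  "properties": {
    "dataSources": {
      "syslog": [
        {
          "name": "cefDataSource",
          "streams": [ "Microsoft-CommonSecurityLog" ],
          "facilityNames": [ "*" ],
          "logLevels": [ "*" ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "sentinelWorkspace",
          "workspaceResourceId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": [ "Microsoft-CommonSecurityLog" ],
        "destinations": [ "sentinelWorkspace" ],
        "transformKql": "source | where DeviceAction !~ \"accept\"",
        "outputStream": "Microsoft-CommonSecurityLog"
      },
      {
        "streams": [ "Microsoft-CommonSecurityLog" ],
        "destinations": [ "sentinelWorkspace" ],
        "transformKql": "source | where DeviceAction =~ \"accept\" | project TimeGenerated, DeviceVendor, DeviceProduct, DeviceAction, SourceIP, SourcePort, DestinationIP, DestinationPort, Protocol, ApplicationProtocol, SentBytes, ReceivedBytes",
        "outputStream": "Custom-CommonSecurityLog_Basic_CL"
      }
    ]
  }
}
```

The two filters are complementary on purpose: an event whose DeviceAction is empty or anything other than "accept" (deny, close, IPS or UTM verdicts) lands in the Analytics-plan CommonSecurityLog table where analytics rules can query it, and permitted-traffic records, which are the bulk of a firewall's volume, land in the Basic table. If the two filters overlapped, the same event would be ingested and billed twice. The dataFlows section of an AMA-created DCR is edited through an ARM template or the Data Collection Rules REST API rather than the portal, and the Basic table must exist with the projected column names before the DCR is updated, or the second flow will drop the rows.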