Parse logs sent from ATA to SIEM

  • Question

  • Hello team,

    Is there a way to parse the logs sent by ATA to FortiSIEM? FortiSIEM received the logs just fine, but they are not defined by category/types.

    Any outcome would be appreciated!

    Thanks in advance!

    Jose Mauricio Gomez

    • Moved by Dave Patrick (MVP) Thursday, December 17, 2020 7:01 PM (looking for forum)
    Thursday, December 17, 2020 5:34 PM

Answers

  • I'd try asking for help over here.

    ems-advanced-threat-analytics - Microsoft Q&A

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Guido Franzke Friday, December 18, 2020 8:37 AM
    • Marked as answer by Guido Franzke Wednesday, December 23, 2020 6:59 AM
    Thursday, December 17, 2020 7:01 PM

All replies

  • Just did it, thanks Dave!!
    Thursday, December 17, 2020 7:40 PM
  • You're welcome.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Thursday, December 17, 2020 7:40 PM