FortiSIEM Parser

In this course, you will learn how to create custom parsers to extend the integration capability of FortiSIEM to a wider range of devices and custom applications. You will learn how parsers recognize the type of device or application that sent the data, extract and save key information from the log, and map the device type and log information to an event type.

  1. Introduction
  2. Regular Expressions
  3. Event Format Recognizers
  4. Parsing Instructions
  5. Switch-Case Constructs
  6. Custom CMDB Event Types
  7. Choose-When Constructs
  8. Key Value Pair Logs
  9. Value List Logs
  10. Advanced Features

After completing this course, you will be able to do the following:

  • Examine how FortiSIEM determines which parsers to use
  • Review parser terminology and steps to create a parser
  • Identify different log types and structures
  • Review basic and advanced regex patterns
  • Use tools for regex validation and development
  • Identify appropriate uses of global and local patterns
  • Define local and global patterns
  • Identify common string patterns in event logs
  • Create event format recognizers
  • Configure parsing instructions to extract and map data
  • Build collectFieldsByRegex functions
  • Build setEventAttribute functions
  • Add comments to parser code
  • Build conditional matching logic capabilities in parsers
  • Parse and normalize date and time from logs
  • Add, categorize, and query the CMDB for new parser events
  • Create parsers for various log types
  • Manipulate extracted strings from logs
  • Perform calculations on variables or attributes
  • Calculate event severity with syslog priority values
  • Use advanced functions to parse JSON logs
  • Enable FortiSIEM support for logs in other languages

Cybersecurity professionals responsible for creating custom parsers on FortiSIEM should attend this course.

You must have an understanding of the topics covered in the following courses, or have equivalent experience:

  • FortiGate Security
  • FortiGate Infrastructure
  • FortiSIEM

It is also recommended that you have knowledge of programming languages and regular expressions.

    Contact us for more information!