Creating Custom Parsers and Monitors for Devices
Creating a custom parser for device logs involves writing an XML specification for the parser and then using a test event to confirm that the logs are parsed correctly. Creating a custom monitor involves defining a performance object that you want to monitor, associating that performance object with a device type, event type, and event attribute type, and then testing to confirm that the monitored metrics are correctly received by FortiSIEM. You can create custom monitors for system and application performance, command outputs, and file monitoring.
Creating a Custom Multi-Line SSH Command Output Monitor
Creating a Custom WINEXE Command Output Monitor
Custom File Monitor
Agent-less File-Integrity Monitoring
Agent-less Target File Monitoring
Custom Configuration Change Monitoring