IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  FortiWEB WAF DSM

    Posted Mon August 01, 2022 12:19 PM
    Hi,

    I'm looking for some advice on FortiWEB DSM. This WAF can send very well structured logs in CEF format, so parsing is not an issue. However, there is no official DSM for mapping, so it is hard to use in any rules. Is anyone here already struggling with this who can share some thoughts with me?

    Thank you
    Laszlo

    ------------------------------
    Vladx(x)
    ------------------------------


  • 2.  RE: FortiWEB WAF DSM

    Posted Tue August 02, 2022 01:29 AM
    The only option will be Universal DSM and mapping the event manually. Haven't tried it for FortiWEB.
    https://www.ibm.com/docs/en/dsm?topic=configuration-universal-leef


    ------------------------------
    Brian Kwak
    ------------------------------