Custom decoder and rule for Fortigate v7.x

[Daniel Olivares]

Hello everyone, 

I would like to share a decoder and ruleset that I made for Fortigate 60E v7.X. The default decoder and rules did not work when I integrated the firewall by syslog 514.

https://github.com/k0jir0900/Wazuh_CustomRules 

Hopefully they can be included in the decoders and base rules.

[Jose Antonio Izquierdo]

Hi Daniel, Thanks for your contribution, we will analyze it and mix with the current ruleset. It may take time to be added as we are working in the new engine with new capabilities for decoder and rules. 

Thanks again. 

Best regards, 

Jose. 

[Daniel Olivares]

Thank you very much for your response and I remain attentive to any questions you have.

Cheers!

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/831d9fe0-ce52-4c5b-90c2-528ec9e295e2n%40googlegroups.com.

--

[Ada Rey]

Did this these decoder rules ever make it into current Wazuh 4.7.1 ??? Just trying to figure out if I need to build this out more or what the status is for implementation. 

I have a 100F that I am setting up and it seems like some of the logs are coming in, but not "all". The setting it correctly set on the Fortigate for all logs. 

Thanks guys

[Moshe Shvo]

Hi Ada,

we are in the same situation as you - did you got answers? do you have decoder that you can share for forti 100 with fotigate v7.x machine?

thanks in advanced

Moshe