arpit06051 Valued Contributor.

Fortigate FW categorization is missing

Hi All,

We have integrated Fortigate FW logs with ArcSight, but in the events I cannot see any event categorization.

Can anybody help me out, as I have installed the latest SmartConnector and there is still no categorization for Fortigate?

Regards,

Arpit K

 

Knowledge Partner

Re: Fortigate FW categorization is missing


Hi,

Have you already reported this to Micro Focus support?
Other than that, if there is no short-term solution, you would have to create your own custom categorization based on the events you are receiving. I would primarily focus on the relevant events you want to use in your use cases, so as to handle the "low-hanging fruit" and get some quick wins.

Kind regards,

David

arpit06051 Valued Contributor.

Re: Fortigate FW categorization is missing


Hi David,

Thanks for your revert.

I have raised the case with the support team and am currently waiting for their revert.

Regards,

Arpit K

 

Knowledge Partner

Re: Fortigate FW categorization is missing


Hello @arpit06051 

Would you mind sharing a list of events that don't get categorized, just the "deviceEventClassId"?

 

Thanks

Andreas

arpit06051 Valued Contributor.

Re: Fortigate FW categorization is missing

Hi Andreas,

I updated the connector with the latest content update & it fixed the Fortigate categorization issue.

Regards,
Arpit Khandelwal
aquillius.t@net Super Contributor.

Re: Fortigate FW categorization is missing


Hi Arpit,

May I know what version of the connector you used? Does Fortinet now have categorizations?

Thanks,

Aqui

Knowledge Partner

Re: Fortigate FW categorization is missing


aquillius.t@net He applied "latest content update"...

 

cheers

A

EricLamer Outstanding Contributor.

Re: Fortigate FW categorization is missing


Fortigate 5.4 and above does not have categorization because the ID in the logs changed and Micro Focus did not update it. Opened a ticket about that and have been waiting for a year for them to fix it. Connector 7.11.1 still does not have categorization working.
