After completing this course, you will be able to do the following:

• Examine how FortiSIEM determines which parsers to use
• Review parser terminology and steps to create a parser
• Identify different log types and structures
• Review basic and advanced regex patterns
• Use tools for regex validation and development
• Identify appropriate uses of global and local patterns
• Define local and global patterns
• Identify common string patterns in event logs
• Create event format recognizers
• Configure parsing instructions to extract and map data
• Build collect Fields By Regex functions
• Build set Event Attribute functions
• Add comments to parser code
• Build conditional matching logic capabilities in parsers
• Parse and normalize date and time from logs
• Add, categorize, and query the CMDB for new parser events
• Create parsers for various log types
• Manipulate extracted strings from logs
• Perform calculations on variables or attributes
• Calculate event severity with syslog priority values
• Use advanced functions to parse JSON logs
• Enable FortiSIEM support for logs in other languages