Configuring QRadar to categorize App Ctrl events for Fortinet FortiGate Security Gateway
If you want IBM® QRadar® to categorize App Ctrl events based on the Action field, use the DSM Editor to enable the Categorize App Ctrl Logs Based on Action Field parameter.
By default, Fortinet FortiGate Security Gateway App Ctrl events are categorized as notice/informational.
Procedure
- On the Admin tab, in the Data Sources section, click DSM Editor.
- From the Select Log Source Type window, select Fortinet FortiGate Security Gateway from the list, and click Select.
- On the Configuration tab, set Display DSM Parameters Configuration to On.
- From the Event Collector list, select the event collector for the log source, and click Select.
- Set Categorize App Ctrl Logs Based on Action Field to On.
- Click Save and close the DSM Editor.