Zyxel ATP700 to SIEM

#1 domep


I'm trying to forward the VPN logs of a Zyxel ATP700 to my SIEM (InsightIDR). The forwarding works fine, but I can't format them as indicated in this documentation.


Can someone help me?

Thank you

#2 gahorvath


Based on the page you linked you'd need to produce a specific JSON structure. I'd need to understand the collection setup to provide better input.

This can be quite easily done by defining fields as appropriate then using to_json() to create the output JSON.

I have not looked into what transport Rapid7 might expect, but om_tcp or perhaps om_http

Please review the documentation about event fields and our JSON extension:
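One way to put what gahorvath describes into an NXLog configuration, as an added example (not the poster's or NXLog's own configuration): parse the Zyxel syslog, define the fields, then call to_json() and send the result over om_tcp. The listener port, collector address, the Zyxel key="value" message layout and every target field name are assumptions; the field names the SIEM actually requires must be taken from the linked InsightIDR documentation.

```nxlog
# Assumed: the ATP700 sends syslog over UDP to this host on port 1514, and the
# SIEM collector accepts newline-delimited JSON over TCP (placeholder host/port).
<Extension syslog_ext>
    Module          xm_syslog
</Extension>

<Extension json_ext>
    Module          xm_json
</Extension>

<Extension kvp_ext>
    Module          xm_kvp
    KVPDelimiter    ' '
    KVDelimiter     =
    QuoteChar       "
</Extension>

<Input zyxel_in>
    Module          im_udp
    Host            0.0.0.0          # NXLog 5 / CE 3: ListenAddr 0.0.0.0:1514
    Port            1514
    # parse_syslog() fills $EventTime, $Hostname, $Message, $SyslogSeverity, ...
    Exec            parse_syslog();
    # Assumed Zyxel message body: key="value" pairs, e.g. (constructed sample)
    #   src="10.0.0.5:500" dst="203.0.113.9:500" msg="Tunnel up" cat="IKE"
    # parse_kvp() turns each key into a field: $src, $dst, $msg, $cat
    Exec            kvp_ext->parse_kvp($Message);
</Input>

<Output insightidr_out>
    Module          om_tcp
    Host            collector.example.internal   # placeholder collector address
    Port            20000                        # placeholder collector port
    # Map the parsed keys onto the names the SIEM's JSON format expects.
    # These names are placeholders; replace them with the documented ones.
    Exec            $event_source = $Hostname; $event_category = $cat; \
                    $source_ip = $src; $destination_ip = $dst; $detail = $msg; \
                    $timestamp = strftime($EventTime, 'YYYY-MM-DDThh:mm:ssTZ');
    # Drop fields the SIEM does not need; to_json() serialises every remaining
    # field (except $raw_event) into $raw_event, which om_tcp sends as one line.
    Exec            delete($Message); delete($SourceModuleName); \
                    delete($SourceModuleType); to_json();
</Output>

<Route zyxel_to_siem>
    Path            zyxel_in => insightidr_out
</Route>
```

Verify the output with `Module om_file` in place of om_tcp first, so the JSON lines can be compared against the documented structure before anything reaches the SIEM.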