Zyxel ATP700 to SIEM
I'm trying to forward the VPN logs of a Zyxel ATP700 to my SIEM (InsightIDR). The forwarding works fine, but I can't format them as indicated in this documentation.
Can someone help me?
Based on the page you linked you'd need to produce a specific JSON structure. I'd need to understand the collection setup to provide better input.
This can be quite easily done by defining fields as appropriate, then using to_json() to create the output JSON.
I have not looked into what transport Rapid 7 might expect, but om_tcp or perhaps om_http.
Please review the documentation about event fields and our JSON extension:
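An added configuration sketch of the approach described in the answer above (it is not from the thread, from Zyxel or from NXLog's own docs): parse the Zyxel syslog body into fields, pick out the VPN events, rename fields and emit them with to_json() over om_tcp. The collector host and port, the Zyxel key names (user, src) and the output field names are placeholders, since the InsightIDR field layout is not reproduced in the thread.

```nxlog
# Added example. Assumes NXLog with the classic Host/Port directive style
# (newer releases prefer ListenAddr and "Host host:port"), Zyxel ATP700 syslog
# arriving on UDP 514, and an InsightIDR collector listening on TCP.
<Extension _syslog>
    Module        xm_syslog
</Extension>

<Extension _json>
    Module        xm_json
</Extension>

# Zyxel firewalls write the event body as space-separated key="value" pairs
<Extension zyxel_kvp>
    Module        xm_kvp
    KVPDelimiter  ' '
    KVDelimiter   =
    QuoteChar     '"'
</Extension>

<Input zyxel_syslog>
    Module        im_udp
    Host          0.0.0.0
    Port          514
    <Exec>
        parse_syslog();
        # Turn the key="value" body into individual NXLog fields
        zyxel_kvp->parse_kvp($Message);
        # Keep only VPN-related events; adjust the pattern to the ATP700's wording
        if not ($Message =~ /VPN|IPSec|L2TP|SSL/i) drop();
    </Exec>
</Input>

<Output insightidr>
    Module        om_tcp
    # Placeholders: address and port of the InsightIDR custom-log event source
    Host          SIEM_COLLECTOR_HOST
    Port          10514
    <Exec>
        # Drop NXLog housekeeping fields the SIEM does not need
        delete($SourceModuleName); delete($SourceModuleType);
        # Map Zyxel keys onto the field names the SIEM expects (placeholder names)
        if defined($user) rename_field("user", "vpn_user");
        if defined($src)  rename_field("src", "source_ip");
        $timestamp = strftime($EventTime, "%Y-%m-%dT%H:%M:%S%z");
        # Serialise the remaining fields as one JSON object per line
        to_json();
    </Exec>
</Output>

<Route zyxel_to_siem>
    Path          zyxel_syslog => insightidr
</Route>
```

Check the resulting JSON against the InsightIDR documentation linked in the question and adjust the rename_field() calls until the key names match.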