
Some actions don't trigger SIEM events

Original Question or Issue:

I want to see in the logs which SIEM events are sent by FileCloud, and I need to enable them all.


Environment:

  • Product - FileCloud Server
  • Version - Any
  • Platform - Any

Steps to Reproduce:

Integrate FileCloud with a SIEM solution.


Error or Log Message:

Cannot locate SIEM events in FileCloud logs.

By default, not all actions trigger SIEM events.


Defect or Enhancement Number:

 


Cause:

Configuration.


Resolution or Workaround:

On every FileCloud application node, edit the file:

Linux: /var/www/html/app/siem/maps/auditmap.php
Windows: <Drive_Letter>:\xampp\htdocs\app\siem\maps\auditmap.php

Remove the leading double slash (//) characters from the lines below to enable all SIEM events (the block is shown here already uncommented):

$mappings[] = [
   'id' => '*',
   'prefilter' => [],
   'map' => [
       'eventClass' => '$operation',
       'eventName' => '$operation',
       'severity' => 2,
       'extension' => [
           'suser' => '$userName',
           'requestClientApplication' => '$userAgent',
           'src' => '$ip',
           'msg' => '$notes'
       ]
   ]
];

 

Restart the Message Queue service:

Linux: systemctl restart fcorchestrator; systemctl status fcorchestrator
Windows: Restart the Message Queue service from the FileCloud Control Panel.
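
To confirm the edit landed on every Linux node, the following added example (not FileCloud's own code) reports whether the catch-all 'id' => '*' mapping in auditmap.php is enabled, still commented out, or only partly uncommented. It assumes the disabled block carries a leading // on each line, as the step above implies; the function name wildcard_mapping_state is hypothetical.

```shell
#!/bin/sh
# Added example: check the state of the catch-all SIEM mapping in auditmap.php.
# Assumption: a disabled mapping block has "//" at the start of each line.
# Prints one of: enabled | commented | partial | missing | unreadable

wildcard_mapping_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk -v q="'" '
        BEGIN {
            # Matches the line  <quote>id<quote> => <quote>*<quote>
            wildre = q "id" q "[ \t]*=>[ \t]*" q "\\*" q
        }
        # A mapping block starts at "$mappings[] = [" (commented or not).
        /\$mappings\[\][ \t]*=/ { inblk = 1; wild = 0; off = 0; on = 0 }
        inblk {
            if ($0 ~ /^[ \t]*\/\//)      off++   # line still commented out
            else if ($0 !~ /^[ \t]*$/)   on++    # active, non-blank line
            if ($0 ~ wildre) wild = 1            # this is the "*" mapping
            # The block ends at "];" (commented or not).
            if ($0 ~ /^[ \t]*(\/\/)?[ \t]*\];/) {
                inblk = 0
                if (wild) {
                    if (off == 0)      state = "enabled"
                    else if (on == 0)  state = "commented"
                    else               state = "partial"
                }
            }
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Usage: sh check_auditmap.sh /var/www/html/app/siem/maps/auditmap.php
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(wildcard_mapping_state "$f")"
done
```

A result of partial means some lines of the block still carry // while others do not; correct the file before restarting the Message Queue service, since that node would otherwise keep dropping events the SIEM is expected to receive.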

 


Notes: