2013/12/19

I have recently been running an ArcSight POC.

I have compiled the search syntax I used:

fortigate virus | top destinationAddress

fortigate Malicious | top destinationAddress

fortigate ips AND (sourceAddress IS NOT NULL) | top sourceAddress

fortigate spam | top sourceAddress
