Lets spam this thread also, I have a bit related problem, with CIM 4.12.0, ES 5.2.1 and Splunk 7.2.3 and Fortigate add-on 1.6.0 the signature from IPS says "unknown" instead of real signature sent by device. Signatures are however visible in Fortigate App for Splunk in the same Splunk instance. I can't seem to pinpoint where this gets broken. 😕 Any advice?
... View more