Can an administrator search for data from an unsupported device if custom event logs are sent to FortiSIEM?

Study for the Fortinet Network Security Expert (NSE) 5 Exam with flashcards and multiple choice questions. Each question has hints and explanations to help you prepare fully for your exam. Get ready to succeed!

An administrator can indeed search for data from an unsupported device if custom event logs are sent to FortiSIEM. This is possible because FortiSIEM is designed to handle logs from a variety of sources, including those that may not have direct or native support within the system. When custom event logs are configured and sent to FortiSIEM, the system can process these logs and store the information in a way that allows for searching and analysis.

This capability enhances FortiSIEM's flexibility and usability, enabling organizations to extract valuable insights from a wide range of devices, irrespective of the initial support status. As long as the custom logs are appropriately formatted and transmitted to FortiSIEM, the search functionality remains intact, allowing administrators to leverage the rich data generated even from unsupported devices. This not only improves security visibility but also enables better incident response and compliance monitoring capabilities.
