Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Admin Authentication Activity | Base Rule | General Firewall Event | Information |
| Global Setting Changed | Sub Rule | Session Setting Changed | Other Audit Success |
| Host Name Changed | Sub Rule | Host Information Changed | Information |
| GUI Session Timeout | Sub Rule | Session Timeout | Warning |
| Changed The Listeningsource Port | Sub Rule | General Information | Information |
| Setting Changed | Sub Rule | Session Setting Changed | Other Audit Success |
| Admin Profile Created | Sub Rule | User Account Created | Account Created |
| Admin Profile Changed | Sub Rule | User Account Attribute Modified | Account Modified |
| Admin Profile Deleted | Sub Rule | User Account Deleted | Account Deleted |
| Admin Account Created | Sub Rule | User Account Created | Account Created |
| Admin Account Changed | Sub Rule | User Account Attribute Modified | Account Modified |
| Admin Account Deleted | Sub Rule | User Account Deleted | Account Deleted |
| Wccp Added | Sub Rule | Object Added | Access Success |
| Wccp Edited | Sub Rule | Object Modified | Access Success |
| Wccp Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Vlan Created | Sub Rule | Object Added | Access Success |
| Ip Changed | Sub Rule | Object Modified | Access Success |
| Vlan Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Operation Changed | Sub Rule | Object Modified | Access Success |
| Bridge Created | Sub Rule | Object Added | Access Success |
| Bridge Changed | Sub Rule | Object Modified | Access Success |
| Bridge Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Ip Of Sync Peer Changed | Sub Rule | Object Modified | Access Success |
| Dns Changed | Sub Rule | Object Modified | Access Success |
| Systemwide Changed | Sub Rule | Object Modified | Access Success |
| Snmp Community Added | Sub Rule | Object Added | Access Success |
| Snmp Changed | Sub Rule | Object Modified | Access Success |
| Snmp Community Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| IP Of SNMP Added | Sub Rule | Object Added | Access Success |
| Snmp Community Edit IP Of SNMP | Sub Rule | Object Modified | Access Success |
| Snmp Community Delete Ip Of SNMP | Sub Rule | Object Deleted/Removed | Access Success |
| Setting Of FDS Changed | Sub Rule | Object Modified | Access Success |
| Configuration Of Appliance Changed | Sub Rule | Object Modified | Access Success |
| Backup To FTP/SFTP Created | Sub Rule | Object Added | Access Success |
| Backup To FTP/SFTP Changed | Sub Rule | Object Modified | Access Success |
| Backup To FTP/SFTP Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| TCP SYN DOS Setting Changed | Sub Rule | Object Modified | Access Success |
| Stored Server Certificate Uploaded | Sub Rule | Object Added | Access Success |
| Stored Server Certificate Changed | Sub Rule | Object Modified | Access Success |
| Stored Server Certificate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Certificate Of HTTP CRL Added | Sub Rule | Object Added | Access Success |
| Certificate Of HTTP CRL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Certificate Added | Sub Rule | Object Added | Access Success |
| Certificate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Certificate Authorities Group Added | Sub Rule | Object Added | Access Success |
| Certificate Authorities Group Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Intermediate Certificate Added | Sub Rule | Object Added | Access Success |
| Intermediate Certificate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Intermediate Certificate Group Added | Sub Rule | Object Added | Access Success |
| Intermediate Certificate Group Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Certificate CRL Added | Sub Rule | Object Added | Access Success |
| Certificate CRL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Certificate Rule Added | Sub Rule | Object Added | Access Success |
| Certificate Rule Edited | Sub Rule | Object Modified | Access Success |
| Certificate Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Server Added | Sub Rule | Object Added | Access Success |
| Server Changed | Sub Rule | Server State Change | Information |
| Server Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Systemwide Fortiguard Changed | Sub Rule | Object Modified | Access Success |
| Locallydefined Added | Sub Rule | Object Added | Access Success |
| Locally Changed | Sub Rule | Object Modified | Access Success |
| Locallydefined Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Ldap Added | Sub Rule | Object Added | Access Success |
| Ldap Changed | Sub Rule | Object Modified | Access Success |
| Ldap Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Radius Created | Sub Rule | Object Added | Access Success |
| Radius Changed | Sub Rule | Object Modified | Access Success |
| Radius Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Ntlm Added | Sub Rule | Object Added | Access Success |
| Ntlm Changed | Sub Rule | Object Modified | Access Success |
| Ntlm Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| User Added | Sub Rule | Object Added | Access Success |
| User Changed | Sub Rule | Object Modified | Access Success |
| User Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Admin Added | Sub Rule | Object Added | Access Success |
| Admin Group Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Snmp User Added | Sub Rule | Object Added | Access Success |
| Snmp User Edited | Sub Rule | Object Modified | Access Success |
| Snmp User Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| IP Of SNMP Added | Sub Rule | Object Added | Access Success |
| IP Of SNMP Edited | Sub Rule | Object Modified | Access Success |
| IP Of SNMP Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Auth Pages Added | Sub Rule | Object Added | Access Success |
| Auth Pages Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Replacement Message Edited | Sub Rule | Object Modified | Access Success |
| Fortigate Intergration Edited | Sub Rule | Object Modified | Access Success |
| New Firmware Use | Sub Rule | General Audit Messages | Information |
| Connection To Syslog Server Configured | Sub Rule | General Audit Messages | Information |
| Connection To Syslog Server Configuration Changed | Sub Rule | Object Modified | Access Success |
| Connection To Syslog Server Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Email Policy Added | Sub Rule | Policy Created : Object | Policy |
| Change Made To Email Policy | Sub Rule | Object Modified | Access Success |
| Email Policy Deleted | Sub Rule | Policy Disabled : System | Policy |
| Config Added To Send Message To FTP | Sub Rule | Object Added | Access Success |
| Config Edited To Send Message To FTP | Sub Rule | Object Modified | Access Success |
| Config Deleted To Send Message To FTP | Sub Rule | Object Deleted/Removed | Access Success |
| Config Added To Send Message To FortiAnalyzer | Sub Rule | Object Added | Access Success |
| Config Changed To Send Message To FortiAnalyzer | Sub Rule | Object Modified | Access Success |
| Config Deleted To Send Message To FortiAnalyzer | Sub Rule | Object Deleted/Removed | Access Success |
| Trigger Policy Added | Sub Rule | Object Added | Access Success |
| Trigger Policy Changed | Sub Rule | Object Modified | Access Success |
| Trigger Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Enabled Or Disabled Storing Log On Appliance | Sub Rule | General Audit Messages | Information |
| Config Changed To RAM | Sub Rule | General Audit Messages | Information |
| Cock Updated VIA NTP | Sub Rule | General Audit Messages | Information |
| Config Changed For Recording Attack Log | Sub Rule | General Audit Messages | Information |
| Storing Traffic Log Enable/Diable | Sub Rule | General Network Traffic | Network Traffic |
| Event Log Recording Config Changed | Sub Rule | Object Modified | Access Success |
| No Enough Hard Disk Space | Sub Rule | Disk / Storage Full | Critical |
| IP Later Static Route Created | Sub Rule | Route Created | Information |
| IP Later Static Route Changed | Sub Rule | General Route Information | Information |
| IP Later Static Route Deleted | Sub Rule | Route Deleted | Information |
| Concurrent Session Reached | Sub Rule | Session Information | Information |
| Server Health Check Created | Sub Rule | Object Added | Access Success |
| Server Health Check Edited | Sub Rule | Object Modified | Access Success |
| Server Health Check Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Server Health Check Rule Created | Sub Rule | Object Added | Access Success |
| Server Health Check Rule Edited | Sub Rule | Object Modified | Access Success |
| Server Health Check Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Server Availablity Monitor Created | Sub Rule | Object Added | Access Success |
| Server Availablity Monitor Changed | Sub Rule | Object Modified | Access Success |
| Server Availablity Monitor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Network Service Created | Sub Rule | Object Added | Access Success |
| Network Service Changed | Sub Rule | Object Modified | Access Success |
| Network Service Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Virtual Server Added | Sub Rule | Object Added | Access Success |
| Virtual Server Edited | Sub Rule | Object Modified | Access Success |
| Virtual Server Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Httplayer Route Created | Sub Rule | Route Created | Information |
| Admin Edited The Server Pool | Sub Rule | General Audit Messages | Information |
| Httplayer Route Deleted | Sub Rule | Route Deleted | Information |
| Httplayer Route Changed | Sub Rule | General Route Information | Information |
| Added List Of HTTP Content Routing Policy | Sub Rule | Object Added | Access Success |
| Edited List Of HTTP Content Routing Policy | Sub Rule | Object Modified | Access Success |
| Deleted List Of HTTP Content Routing Policy | Sub Rule | Object Deleted/Removed | Access Success |
| Admin Uploaded A Customized Http | Sub Rule | Object Added | Access Success |
| HTTP Error Web Description Changed | Sub Rule | Object Modified | Access Success |
| HTTP Error Web Description Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Customized Data Defnition Created | Sub Rule | Object Added | Access Success |
| Customized Data Defnition Changed | Sub Rule | Object Modified | Access Success |
| Group Customized Data Defnition Created | Sub Rule | Object Added | Access Success |
| Group Customized Data Defnition Changed | Sub Rule | Object Modified | Access Success |
| Group Customized Data Defnition Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Customized Suspicious URL Created | Sub Rule | Object Added | Access Success |
| Customized Suspicious URL Changed | Sub Rule | Object Modified | Access Success |
| Customized Suspicious URL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Group Customized Suspicious URL Created | Sub Rule | Object Added | Access Success |
| Group Customized Suspicious URL Changed | Sub Rule | Object Modified | Access Success |
| Group Customized Suspicious URL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Customized Suspicious URL Rule Created | Sub Rule | Object Added | Access Success |
| Customized Suspicious URL Rule Changed | Sub Rule | Object Modified | Access Success |
| Customized Suspicious URL Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Admin Disabled Or Enabled Global Allow List Object | Sub Rule | General Audit Messages | Information |
| Allowed/Protected Host Defnition Created | Sub Rule | Object Added | Access Success |
| Allowed/Protected Host Defnition Changed | Sub Rule | Object Modified | Access Success |
| Allowed/Protected Host Defnition Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Dynamic URL Replacer Created | Sub Rule | Object Added | Access Success |
| URL Replacer Changed | Sub Rule | Object Modified | Access Success |
| URL Replacer Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Group URL Replacer Created | Sub Rule | Object Added | Access Success |
| Group URL Replacer Changed | Sub Rule | Object Modified | Access Success |
| Group URL Replacer Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Server Pool Added | Sub Rule | Object Added | Access Success |
| Server Pool Edited | Sub Rule | Object Modified | Access Success |
| Server Pool Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Server Policy Created | Sub Rule | Object Added | Access Success |
| Server Policy Changed | Sub Rule | Object Modified | Access Success |
| Server Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Site Publishing Policy Rule Added | Sub Rule | Object Added | Access Success |
| Site Publishing Policy Rule Edited | Sub Rule | Object Modified | Access Success |
| Site Publishing Policy Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Site Publishing Policy Added | Sub Rule | Object Added | Access Success |
| Site Publishing Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Custom Global Item Added | Sub Rule | Object Added | Access Success |
| Custom Global Item Edited | Sub Rule | Object Modified | Access Success |
| Custom Global Item Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Session Persistence Configuration Added | Sub Rule | Object Added | Access Success |
| Session Persistence Configuration Edited | Sub Rule | Object Modified | Access Success |
| Session Persistence Configuration Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Compression Exemption Created | Sub Rule | Object Added | Access Success |
| Compression Exemption Changed | Sub Rule | Object Modified | Access Success |
| Compression Exemption Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Decompressor Created | Sub Rule | Object Added | Access Success |
| Decompressor Changed | Sub Rule | Object Modified | Access Success |
| Decompressor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Compressor Created | Sub Rule | Object Added | Access Success |
| Compressor Changed | Sub Rule | Object Modified | Access Success |
| Compressor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Http Flood Created | Sub Rule | Object Added | Access Success |
| Http Flood Changed | Sub Rule | Object Modified | Access Success |
| Http Flood Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Malicious Ips Created | Sub Rule | Suspicious Activity | Suspicious |
| Malicious Ips Changed | Sub Rule | Suspicious Activity | Suspicious |
| Malicious Ips Deleted | Sub Rule | Suspicious Activity | Suspicious |
| Http Access Created | Sub Rule | Object Added | Access Success |
| Http Access Changed | Sub Rule | Object Modified | Access Success |
| Http Access Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Tcp Flood Created | Sub Rule | Object Added | Access Success |
| Tcp Flood Changed | Sub Rule | Object Modified | Access Success |
| Tcp Flood Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Dos Protection Created | Sub Rule | Object Added | Access Success |
| Dos Protection Changed | Sub Rule | Object Modified | Access Success |
| Dos Protection Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Client Ip Created | Sub Rule | Object Added | Access Success |
| Client Ip Changed | Sub Rule | Object Modified | Access Success |
| Client Ip Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| User Authentication Rule Created | Sub Rule | Object Added | Access Success |
| User Authentication Rule Changed | Sub Rule | Object Modified | Access Success |
| User Authentication Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| User Authentication Policy Created | Sub Rule | Object Added | Access Success |
| User Authentication Policy Changed | Sub Rule | Object Modified | Access Success |
| User Authentication Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Input Rule Added | Sub Rule | Object Added | Access Success |
| Input Rule Edited | Sub Rule | Object Modified | Access Success |
| Input Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Parameter Validation Added | Sub Rule | Object Added | Access Success |
| Parameter Validation Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Hidden Input Rule Created | Sub Rule | Object Added | Access Success |
| Hidden Input Rule Changed | Sub Rule | Object Modified | Access Success |
| Hidden Input Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Hidden Input Policy Created | Sub Rule | Object Added | Access Success |
| Hidden Input Policy Changed | Sub Rule | Object Modified | Access Success |
| Hidden Input Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Page Order Created | Sub Rule | Object Added | Access Success |
| Page Order Changed | Sub Rule | Object Modified | Access Success |
| Page Order Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Rewriteredirect Rule Created | Sub Rule | Object Added | Access Success |
| Rewriteredirect Rule Changed | Sub Rule | Object Modified | Access Success |
| Rewriteredirect Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Rewriteredirect Policy Created | Sub Rule | Object Added | Access Success |
| Rewriteredirect Policy Changed | Sub Rule | Object Modified | Access Success |
| Rewriteredirect Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Allowed Http Method Exception Created | Sub Rule | Object Added | Access Success |
| Allowed Http Method Exception Changed | Sub Rule | Object Modified | Access Success |
| Allowed Http Method Exception Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Allowed Http Method Created | Sub Rule | Object Added | Access Success |
| Allowed Http Method Changed | Sub Rule | Object Modified | Access Success |
| Allowed Http Method Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Generated Url Access Rule | Sub Rule | General Audit Messages | Information |
| Access Control Rule Changed | Sub Rule | Object Modified | Access Success |
| Access Control Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Generated A Url Access Condition | Sub Rule | General Audit Messages | Information |
| Generated A Url Access Policy | Sub Rule | General Audit Messages | Information |
| Inline Protection Profile Changed | Sub Rule | Object Modified | Access Success |
| Access Control Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Generated A Url Access Rule | Sub Rule | General Audit Messages | Information |
| Http Constraint Created | Sub Rule | Object Added | Access Success |
| Http Constraint Changed | Sub Rule | Object Modified | Access Success |
| Http Constraint Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Http Constraint Exemption Created | Sub Rule | Object Added | Access Success |
| Http Constraint Exemption Changed | Sub Rule | Object Modified | Access Success |
| Http Constraint Exemption Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| HTTP Protocol Constraint Rule Added | Sub Rule | Object Added | Access Success |
| HTTP Protocol Constraint Rule Edited | Sub Rule | Object Modified | Access Success |
| HTTP Protocol Constraint Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Custom Signature Created | Sub Rule | Object Added | Access Success |
| Custom Signature Changed | Sub Rule | Object Modified | Access Success |
| Custom Signature Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Group Of Custom Signatures Created | Sub Rule | Object Added | Access Success |
| Group Of Custom Signatures Changed | Sub Rule | Object Modified | Access Success |
| Group Of Custom Signatures Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Attack Signatures Created | Sub Rule | Object Added | Access Success |
| Attack Signatures Changed | Sub Rule | Object Modified | Access Success |
| Attack Signatures Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Xforwardedfor Rule Created | Sub Rule | Object Added | Access Success |
| Xforwardedfor Rule Changed | Sub Rule | Object Modified | Access Success |
| Xforwardedfor Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Session Initiation Created | Sub Rule | Object Added | Access Success |
| Session Initiation Changed | Sub Rule | Object Modified | Access Success |
| Session Initiation Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Brute Force Attack Profile Added | Sub Rule | Object Added | Access Success |
| Brute Force Attack Profile Edited | Sub Rule | Object Modified | Access Success |
| Brute Force Attack Profile Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Upload Restriction Rule Created | Sub Rule | Object Added | Access Success |
| Upload Restriction Rule Changed | Sub Rule | Object Modified | Access Success |
| Upload Restriction Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Upload Restriction Policy Created | Sub Rule | Object Added | Access Success |
| Upload Restriction Policy Changed | Sub Rule | Object Modified | Access Success |
| Upload Restriction Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Inline Protection Created | Sub Rule | Object Added | Access Success |
| Inline Protection Changed | Sub Rule | Object Modified | Access Success |
| Inline Protection Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Offline Protection Created | Sub Rule | Object Added | Access Success |
| Offline Protection Changed | Sub Rule | Object Modified | Access Success |
| Offline Protection Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Autolearning Profile Created | Sub Rule | Object Added | Access Success |
| Autolearning Profile Changed | Sub Rule | Object Modified | Access Success |
| Autolearning Profile Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Ip Reputation Setting Changed | Sub Rule | Object Modified | Access Success |
| Ip Reputation Created | Sub Rule | Object Added | Access Success |
| Ip Reputation Changed | Sub Rule | Object Modified | Access Success |
| Ip Reputation Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Severity And Trigger Action Edited | Sub Rule | Object Modified | Access Success |
| Ip Address Added To Custom | Sub Rule | Object Added | Access Success |
| Ip Address Added | Sub Rule | Object Added | Access Success |
| Ip Address Changed | Sub Rule | Object Modified | Access Success |
| Ip Address Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Generated A Url Filter In Custom Rule | Sub Rule | General Audit Messages | Information |
| Http Header Added | Sub Rule | Object Added | Access Success |
| Http Header Changed | Sub Rule | Object Modified | Access Success |
| Http Header Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Access Rate Added | Sub Rule | Object Added | Access Success |
| Access Rate Edited | Sub Rule | Object Modified | Access Success |
| Access Rate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Transaction Timeout Added | Sub Rule | Object Added | Access Success |
| Transaction Timeout Edited | Sub Rule | Object Modified | Access Success |
| Transaction Timeout Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Http Response Added | Sub Rule | Object Added | Access Success |
| Http Response Changed | Sub Rule | Object Modified | Access Success |
| Http Response Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Content Type Added | Sub Rule | Object Added | Access Success |
| Content Type Edited | Sub Rule | Object Modified | Access Success |
| Content Type Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Packet Interval Added | Sub Rule | Object Added | Access Success |
| Packet Interval Edited | Sub Rule | Object Modified | Access Success |
| Packet Interval Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Generated A Custom Rule | Sub Rule | General Audit Messages | Information |
| Signature Violation Filter Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Occurrence Filter Added | Sub Rule | Object Added | Access Success |
| Occurrence Filter Edited | Sub Rule | Object Modified | Access Success |
| Occurrence Filter Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Custom Access Policy Added | Sub Rule | Object Added | Access Success |
| Custom Access Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Custom Access Policy Generated | Sub Rule | Object Added | Access Success |
| Custom Access Policy Rule Removed | Sub Rule | Object Deleted/Removed | Access Success |
| Combination Access Rate Limit Rule Created | Sub Rule | Object Added | Access Success |
| Combination Access Rate Limit Rule Changed | Sub Rule | Object Modified | Access Success |
| Combination Access Rate Limit Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Combination Access Rate Limit Policy Created | Sub Rule | Object Added | Access Success |
| Combination Access Rate Limit Policy Changed | Sub Rule | Object Modified | Access Success |
| Combination Access Rate Limit Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Padding Oracle Rule Added | Sub Rule | Object Added | Access Success |
| Padding Oracle Rule Edited | Sub Rule | Object Modified | Access Success |
| Padding Oracle Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Web Cache Policy Added | Sub Rule | Object Added | Access Success |
| Web Cache Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Web Cache Added | Sub Rule | Object Added | Access Success |
| Web Cache Changed | Sub Rule | Object Modified | Access Success |
| Web Cache Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Vulnerability Scan Schedule Created | Sub Rule | Object Added | Access Success |
| Vulnerability Scan Schedule Changed | Sub Rule | Object Modified | Access Success |
| Vulnerability Scan Schedule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Vulnerability Scan Profile Created | Sub Rule | Object Added | Access Success |
| Vulnerability Scan Profile Changed | Sub Rule | Object Modified | Access Success |
| Vulnerability Scan Profile Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Vulnerability Scan Policy Created | Sub Rule | Object Added | Access Success |
| Vulnerability Scan Policy Changed | Sub Rule | Object Modified | Access Success |
| Vulnerability Scan Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Antidefacement Monitor Created | Sub Rule | Object Added | Access Success |
| Antidefacement Monitor Changed | Sub Rule | Object Modified | Access Success |
| Antidefacement Monitor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Antidefacement File Created | Sub Rule | Object Added | Access Success |
| Antidefacement File Edited | Sub Rule | Object Modified | Access Success |
| Antidefacement File Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Scanner File Imported | Sub Rule | General Audit Messages | Information |
| Admin Powered On The Fortiweb | Sub Rule | General Audit Messages | Information |
| Admin Rebooted The OS | Sub Rule | Reboot Requested | Information |
| Admin Halted The OS | Sub Rule | Reboot Requested | Information |
| Admins Inactive Session Timed Out | Sub Rule | Administrative Session Ended | Other Audit |
| Admin Uploaded A Data Analytics | Sub Rule | General Audit Messages | Information |
| Log Files Deleted | Sub Rule | File Deleted | Information |
| Certificate From HSM Downloaded | Sub Rule | General Audit Messages | Information |
| Admin Logged In/ Failed Login | Sub Rule | LOGIN_INFORMATION | Information |
| Success OR Failed Login Attempt | Sub Rule | LOGIN_INFORMATION | Information |
| Logged Out | Sub Rule | Logout Request | Information |
| Firmware Upgraded | Sub Rule | General Audit Messages | Information |
| Firmware Image Downgraded | Sub Rule | General Audit Messages | Information |
| System Config Restored | Sub Rule | Configuration Information | Information |
| Requested Database | Sub Rule | Checking Database Server | Information |
| Backup FTP/SFTP Success | Sub Rule | General Audit Messages | Information |
| System Time Changed | Sub Rule | System Time Updated | Information |
| IP Signature File Updated | Sub Rule | General IP Message | Information |
| Rewrite Cookie Persistence Policy | Sub Rule | General Policy Agent Information | Information |
| HSM Config Changed | Sub Rule | Configuration Information | Information |
| Logging Daemon Started | Sub Rule | Daemon Information | Information |
| Success OR Failed Login Attempt Into Website | Sub Rule | LOGIN_INFORMATION | Information |
| Enduser Successfully Logged In | Sub Rule | LOGIN_INFORMATION | Information |
| Defacement Attack Detected | Sub Rule | General Attack Activity | Attack |
| Anti Defacement Monitored | Sub Rule | General Audit Messages | Information |
| Failover Occurred | Sub Rule | Failover | Error |
| Synchronized Configuration From HA | Sub Rule | General Audit Messages | Information |
| HA Cluster Added OR Removed | Sub Rule | General CLUSTER Message | Information |
| HA Cluster Config Restored | Sub Rule | General CLUSTER Message | Information |
| HA Cluster Firmware Restored | Sub Rule | General CLUSTER Message | Information |
| Port Status Monitored | Sub Rule | General PORT Message | Information |
| IRIS Not Authenticated | Sub Rule | General Audit Messages | Information |
| Network Interface Up/Down | Sub Rule | Network Interface | Information |
| CPU Usage Too High | Sub Rule | High CPU Usage | Warning |
| RAM Usage Too High | Sub Rule | General Audit Messages | Information |
| CRL Updated To Server | Sub Rule | General Audit Messages | Information |
| Server Pool Available | Sub Rule | General Audit Messages | Information |
| Concurrent Sessions Reduced | Sub Rule | Session Information | Information |
| Concurrent Sessions Reached | Sub Rule | Session Information | Information |
| Customized Data Defnition Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
| N/A | N/A | N/A | Vendor or organization name. |
| N/A | N/A | N/A | Product or service name generating the event. |
| N/A | <version> | Number | Version number. |
| N/A | <vmid> | Number | log_id |
| N/A | <vendorinfo> | Text/String | Description. |
| N/A | <severity> | Text/String | Severity level of the event. |
| cat | <objecttype> | Text/String | |
| act | <action> | Text/String | N/A |
| deviceExternalId | N/A | N/A | N/A |
| sourceServiceName | N/A | N/A | N/A |
| spriv | N/A | N/A | N/A |
| outcome | <result> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| cs1 | N/A | N/A | N/A |
| cs1Label | N/A | N/A | N/A |
| cs2 | N/A | N/A | N/A |
| cs2Label | N/A | N/A | N/A |