Admin Authentication Activity
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
Admin Authentication Activity | Base Rule | General Firewall Event | Information |
Global Setting Changed | Sub Rule | Session Setting Changed | Other Audit Success |
Host Name Changed | Sub Rule | Host Information Changed | Information |
GUI Session Timeout | Sub Rule | Session Timeout | Warning |
Changed The Listeningsource Port | Sub Rule | General Information | Information |
Setting Changed | Sub Rule | Session Setting Changed | Other Audit Success |
Admin Profile Created | Sub Rule | User Account Created | Account Created |
Admin Profile Changed | Sub Rule | User Account Attribute Modified | Account Modified |
Admin Profile Deleted | Sub Rule | User Account Deleted | Account Deleted |
Admin Account Created | Sub Rule | User Account Created | Account Created |
Admin Account Changed | Sub Rule | User Account Attribute Modified | Account Modified |
Admin Account Deleted | Sub Rule | User Account Deleted | Account Deleted |
Wccp Added | Sub Rule | Object Added | Access Success |
Wccp Edited | Sub Rule | Object Modified | Access Success |
Wccp Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Vlan Created | Sub Rule | Object Added | Access Success |
Ip Changed | Sub Rule | Object Modified | Access Success |
Vlan Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Operation Changed | Sub Rule | Object Modified | Access Success |
Bridge Created | Sub Rule | Object Added | Access Success |
Bridge Changed | Sub Rule | Object Modified | Access Success |
Bridge Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Ip Of Sync Peer Changed | Sub Rule | Object Modified | Access Success |
Dns Changed | Sub Rule | Object Modified | Access Success |
Systemwide Changed | Sub Rule | Object Modified | Access Success |
Snmp Community Added | Sub Rule | Object Added | Access Success |
Snmp Changed | Sub Rule | Object Modified | Access Success |
Snmp Community Deleted | Sub Rule | Object Deleted/Removed | Access Success |
IP Of SNMP Added | Sub Rule | Object Added | Access Success |
Snmp Community Edit IP Of SNMP | Sub Rule | Object Modified | Access Success |
Snmp Community Delete Ip Of SNMP | Sub Rule | Object Deleted/Removed | Access Success |
Setting Of FDS Changed | Sub Rule | Object Modified | Access Success |
Configuration Of Appliance Changed | Sub Rule | Object Modified | Access Success |
Backup To FTP/SFTP Created | Sub Rule | Object Added | Access Success |
Backup To FTP/SFTP Changed | Sub Rule | Object Modified | Access Success |
Backup To FTP/SFTP Deleted | Sub Rule | Object Deleted/Removed | Access Success |
TCP SYN DOS Setting Changed | Sub Rule | Object Modified | Access Success |
Stored Server Certificate Uploaded | Sub Rule | Object Addedd | Access Success |
Stored Server Certificate Changed | Sub Rule | Object Modified | Access Success |
Stored Server Certificate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Certificate Of HTTP CRL Added | Sub Rule | Object Added | Access Success |
Certificate Of HTTP CRL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Certificate Added | Sub Rule | Object Added | Access Success |
Certificate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Certificate Authorities Group Added | Sub Rule | Object Added | Access Success |
Certificate Authorities Group Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Intermediate Certificate Added | Sub Rule | Object Added | Access Success |
Intermediate Certificate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Intermediate Certificate Group Added | Sub Rule | Object Added | Access Success |
Intermediate Certificate Group Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Certificate CRL Added | Sub Rule | Object Added | Access Success |
Certificate CRL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Certificate Rule Added | Sub Rule | Object Added | Access Success |
Certificate Rule Edited | Sub Rule | Object Modified | Access Success |
Certificate Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Server Added | Sub Rule | Object Added | Access Success |
Server Changed | Sub Rule | Server State Change | Information |
Server Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Systemwide Fortiguard Changed | Sub Rule | Object Modified | Access Success |
Locallydefined Added | Sub Rule | Object Added | Access Success |
Locally Changed | Sub Rule | Object Modified | Access Success |
Locallydefined Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Ldap Added | Sub Rule | Object Added | Access Success |
Ldap Changed | Sub Rule | Object Modified | Access Success |
Ldap Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Radius Created | Sub Rule | Object Added | Access Success |
Radius Changed | Sub Rule | Object Modified | Access Success |
Radius Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Ntlm Added | Sub Rule | Object Added | Access Success |
Ntlm Changed | Sub Rule | Object Modified | Access Success |
Ntlm Deleted | Sub Rule | Object Deleted/Removed | Access Success |
User Added | Sub Rule | Object Added | Access Success |
User Changed | Sub Rule | Object Modified | Access Success |
User Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Admin Added | Sub Rule | Object Added | Access Success |
Admin Group Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Snmp User Added | Sub Rule | Object Added | Access Success |
Snmp User Edited | Sub Rule | Object Modified | Access Success |
Snmp User Deleted | Sub Rule | Object Deleted/Removed | Access Success |
IP Of SNMP Added | Sub Rule | Object Added | Access Success |
IP Of SNMP Edited | Sub Rule | Object Modified | Access Success |
IP Of SNMP Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Auth Pages Added | Sub Rule | Object Added | Access Success |
Auth Pages Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Replacement Message Edited | Sub Rule | Object Modified | Access Success |
Fortigate Intergration Edited | Sub Rule | Object Modified | Access Success |
New Firmware Use | Sub Rule | General Audit Messages | Information |
Connection To Syslog Server Configured | Sub Rule | General Audit Messages | Information |
Connection To Syslog Server Configuration Changed | Sub Rule | Object Modified | Access Success |
Connection To Syslog Server Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Email Policy Added | Sub Rule | Policy Created : Object | Policy |
Change Made To Email Policy | Sub Rule | Object Modified | Access Success |
Email Policy Deleted | Sub Rule | Policy Disabled : System | Policy |
Config Added To Send Message To FTP | Sub Rule | Object Added | Access Success |
Config Edited To Send Message To FTP | Sub Rule | Object Modified | Access Success |
Config Deleted To Send Message To FTP | Sub Rule | Object Deleted/Removed | Access Success |
Config Added To Send Message To FortiAnalyzer | Sub Rule | Object Added | Access Success |
Config Changed To Send Message To FortiAnalyzer | Sub Rule | Object Modified | Access Success |
Config Deleted To Send Message To FortiAnalyzer | Sub Rule | Object Deleted/Removed | Access Success |
Trigger Policy Added | Sub Rule | Object Added | Access Success |
Trigger Policy Changed | Sub Rule | Object Modified | Access Success |
Trigger Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Enabled Or Disabled Storing Log On Appliance | Sub Rule | General Audit Messages | Information |
Config Changed To RAM | Sub Rule | General Audit Messages | Information |
Cock Updated VIA NTP | Sub Rule | General Audit Messages | Information |
Config Changed For Recording Attack Log | Sub Rule | General Audit Messages | Information |
Storing Traffic Log Enable/Diable | Sub Rule | General Network Traffic | Network Traffic |
Event Log Recording Config Changed | Sub Rule | Object Modified | Access Success |
No Enough Hard Disk Space | Sub Rule | Disk / Storage Full | Critical |
IP Later Static Route Created | Sub Rule | Route Created | Information |
IP Later Static Route Changed | Sub Rule | General Route Information | Information |
IP Later Static Route Deleted | Sub Rule | Route Deleted | Information |
Concurrent Session Reached | Sub Rule | Session Information | Information |
Server Health Check Created | Sub Rule | Object Added | Access Success |
Server Health Check Edited | Sub Rule | Object Modified | Access Success |
Server Health Check Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Server Health Check Rule Created | Sub Rule | Object Added | Access Success |
Server Health Check Rule Edited | Sub Rule | Object Modified | Access Success |
Server Health Check Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Server Availablity Monitor Created | Sub Rule | Object Added | Access Success |
Server Availablity Monitor Changed | Sub Rule | Object Modified | Access Success |
Server Availablity Monitor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Network Service Created | Sub Rule | Object Added | Access Success |
Network Service Changed | Sub Rule | Object Modified | Access Success |
Network Service Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Virtual Server Added | Sub Rule | Object Added | Access Success |
Virtual Server Edited | Sub Rule | Object Modified | Access Success |
Virtual Server Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Httplayer Route Created | Sub Rule | Route Created | Information |
Admin Edited The Server Pool | Sub Rule | General Audit Messages | Information |
Httplayer Route Deleted | Sub Rule | Route Deleted | Information |
Httplayer Route Changed | Sub Rule | General Route Information | Information |
Added List Of HTTP Content Routing Policy | Sub Rule | Object Added | Access Success |
Edited List Of HTTP Content Routing Policy | Sub Rule | Object Modified | Access Success |
Deleted List Of HTTP Content Routing Policy | Sub Rule | Object Deleted/Removed | Access Success |
Admin Uploaded A Customized Http | Sub Rule | Object Added | Access Success |
HTTP Error Web Description Changed | Sub Rule | Object Modified | Access Success |
HTTP Error Web Description Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Customized Data Defnition Created | Sub Rule | Object Added | Access Success |
Customized Data Defnition Changed | Sub Rule | Object Modified | Access Success |
Group Customized Data Defnition Created | Sub Rule | Object Added | Access Success |
Group Customized Data Defnition Changed | Sub Rule | Object Modified | Access Success |
Group Customized Data Defnition Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Customized Suspicious URL Created | Sub Rule | Object Added | Access Success |
Customized Suspicious URL Changed | Sub Rule | Object Modified | Access Success |
Customized Suspicious URL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Group Customized Suspicious URL Created | Sub Rule | Object Added | Access Success |
Group Customized Suspicious URL Changed | Sub Rule | Object Modified | Access Success |
Group Customized Suspicious URL Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Customized Suspicious URL Rule Created | Sub Rule | Object Added | Access Success |
Customized Suspicious URL Rule Changed | Sub Rule | Object Modified | Access Success |
Customized Suspicious URL Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Admin Disabled Or Enabled Global Allow List Object | Sub Rule | General Audit Messages | Information |
Allowed/Protected Host Defnition Created | Sub Rule | Object Added | Access Success |
Allowed/Protected Host Defnition Changed | Sub Rule | Object Modified | Access Success |
Allowed/Protected Host Defnition Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Dynamic URL Replacer Created | Sub Rule | Object Added | Access Success |
URL Replacer Changed | Sub Rule | Object Modified | Access Success |
URL Replacer Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Group URL Replacer Created | Sub Rule | Object Added | Access Success |
Group URL Replacer Changed | Sub Rule | Object Modified | Access Success |
Group URL Replacer Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Server Pool Added | Sub Rule | Object Added | Access Success |
Server Pool Edited | Sub Rule | Object Modified | Access Success |
Server Pool Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Server Policy Created | Sub Rule | Object Added | Access Success |
Server Policy Changed | Sub Rule | Object Modified | Access Success |
Server Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Site Publishing Policy Rule Added | Sub Rule | Object Added | Access Success |
Site Publishing Policy Rule Edited | Sub Rule | Object Modified | Access Success |
Site Publishing Policy Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Site Publishing Policy Added | Sub Rule | Object Added | Access Success |
Site Publishing Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Custom Global Item Added | Sub Rule | Object Added | Access Success |
Custom Global Item Edited | Sub Rule | Object Modified | Access Success |
Custom Global Item Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Session Persistence Configuration Added | Sub Rule | Object Added | Access Success |
Session Persistence Configuration Edited | Sub Rule | Object Modified | Access Success |
Session Persistence Configuration Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Compression Exemption Created | Sub Rule | Object Added | Access Success |
Compression Exemption Changed | Sub Rule | Object Modified | Access Success |
Compression Exemption Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Decompressor Created | Sub Rule | Object Added | Access Success |
Decompressor Changed | Sub Rule | Object Modified | Access Success |
Decompressor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Compressor Created | Sub Rule | Object Added | Access Success |
Compressor Changed | Sub Rule | Object Modified | Access Success |
Compressor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Http Flood Created | Sub Rule | Object Added | Access Success |
Http Flood Changed | Sub Rule | Object Modified | Access Success |
Http Flood Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Malicious Ips Created | Sub Rule | Suspicious Activity | Suspicious |
Malicious Ips Changed | Sub Rule | Suspicious Activity | Suspicious |
Malicious Ips Deleted | Sub Rule | Suspicious Activity | Suspicious |
Http Access Created | Sub Rule | Object Added | Access Success |
Http Access Changed | Sub Rule | Object Modified | Access Success |
Http Access Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Tcp Flood Created | Sub Rule | Object Added | Access Success |
Tcp Flood Changed | Sub Rule | Object Modified | Access Success |
Tcp Flood Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Dos Protection Created | Sub Rule | Object Added | Access Success |
Dos Protection Changed | Sub Rule | Object Modified | Access Success |
Dos Protection Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Client Ip Created | Sub Rule | Object Added | Access Success |
Client Ip Changed | Sub Rule | Object Modified | Access Success |
Client Ip Deleted | Sub Rule | Object Deleted/Removed | Access Success |
User Authentication Rule Created | Sub Rule | Object Added | Access Success |
User Authentication Rule Changed | Sub Rule | Object Modified | Access Success |
User Authentication Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
User Authentication Policy Created | Sub Rule | Object Added | Access Success |
User Authentication Policy Changed | Sub Rule | Object Modified | Access Success |
User Authentication Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Input Rule Added | Sub Rule | Object Added | Access Success |
Input Rule Edited | Sub Rule | Object Modified | Access Success |
Input Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Parameter Validation Added | Sub Rule | Object Added | Access Success |
Parameter Validation Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Hidden Input Rule Created | Sub Rule | Object Added | Access Success |
Hidden Input Rule Changed | Sub Rule | Object Modified | Access Success |
Hidden Input Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Hidden Input Policy Created | Sub Rule | Object Added | Access Success |
Hidden Input Policy Changed | Sub Rule | Object Modified | Access Success |
Hidden Input Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Page Order Created | Sub Rule | Object Added | Access Success |
Page Order Changed | Sub Rule | Object Modified | Access Success |
Page Order Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Rewriteredirect Rule Created | Sub Rule | Object Added | Access Success |
Rewriteredirect Rule Changed | Sub Rule | Object Modified | Access Success |
Rewriteredirect Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Rewriteredirect Policy Created | Sub Rule | Object Added | Access Success |
Rewriteredirect Policy Changed | Sub Rule | Object Modified | Access Success |
Rewriteredirect Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Allowed Http Method Exception Created | Sub Rule | Object Added | Access Success |
Allowed Http Method Exception Changed | Sub Rule | Object Modified | Access Success |
Allowed Http Method Exception Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Allowed Http Method Created | Sub Rule | Object Added | Access Success |
Allowed Http Method Changed | Sub Rule | Object Modified | Access Success |
Allowed Http Method Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Generated Url Access Rule | Sub Rule | General Audit Messages | Information |
Access Control Rule Changed | Sub Rule | Object Modified | Access Success |
Access Control Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Generated A Url Access Condition | Sub Rule | General Audit Messages | Information |
Generated A Url Access Policy | Sub Rule | General Audit Messages | Information |
Inline Protection Profile Changed | Sub Rule | Object Modified | Access Success |
Access Control Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Generated A Url Access Rule | Sub Rule | General Audit Messages | Information |
Http Constraint Created | Sub Rule | Object Added | Access Success |
Http Constraint Changed | Sub Rule | Object Modified | Access Success |
Http Constraint Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Http Constraint Exemption Created | Sub Rule | Object Added | Access Success |
Http Constraint Exemption Changed | Sub Rule | Object Modified | Access Success |
Http Constraint Exemption Deleted | Sub Rule | Object Deleted/Removed | Access Success |
HTTP Protocol Constraint Rule Added | Sub Rule | Object Added | Access Success |
HTTP Protocol Constraint Rule Edited | Sub Rule | Object Modified | Access Success |
HTTP Protocol Constraint Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Custom Signature Created | Sub Rule | Object Added | Access Success |
Custom Signature Changed | Sub Rule | Object Modified | Access Success |
Custom Signature Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Group Of Custom Signatures Created | Sub Rule | Object Added | Access Success |
Group Of Custom Signatures Changed | Sub Rule | Object Modified | Access Success |
Group Of Custom Signatures Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Attack Signatures Created | Sub Rule | Object Added | Access Success |
Attack Signatures Changed | Sub Rule | Object Modified | Access Success |
Attack Signatures Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Xforwardedfor Rule Created | Sub Rule | Object Added | Access Success |
Xforwardedfor Rule Changed | Sub Rule | Object Modified | Access Success |
Xforwardedfor Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Session Initiation Created | Sub Rule | Object Added | Access Success |
Session Initiation Changed | Sub Rule | Object Modified | Access Success |
Session Initiation Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Brute Force Attack Profile Added | Sub Rule | Object Added | Access Success |
Brute Force Attack Profile Edited | Sub Rule | Object Modified | Access Success |
Brute Force Attack Profile Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Upload Restriction Rule Created | Sub Rule | Object Added | Access Success |
Upload Restriction Rule Changed | Sub Rule | Object Modified | Access Success |
Upload Restriction Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Upload Restriction Policy Created | Sub Rule | Object Added | Access Success |
Upload Restriction Policy Changed | Sub Rule | Object Modified | Access Success |
Upload Restriction Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Inline Protection Created | Sub Rule | Object Added | Access Success |
Inline Protection Changed | Sub Rule | Object Modified | Access Success |
Inline Protection Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Offline Protection Created | Sub Rule | Object Added | Access Success |
Offline Protection Changed | Sub Rule | Object Modified | Access Success |
Offline Protection Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Autolearning Profile Created | Sub Rule | Object Added | Access Success |
Autolearning Profile Changed | Sub Rule | Object Modified | Access Success |
Autolearning Profile Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Ip Reputation Setting Changed | Sub Rule | Object Modified | Access Success |
Ip Reputation Created | Sub Rule | Object Added | Access Success |
Ip Reputation Changed | Sub Rule | Object Modified | Access Success |
Ip Reputation Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Severity And Trigger Action Edited | Sub Rule | Object Modified | Access Success |
Ip Address Added To Custom | Sub Rule | Object Added | Access Success |
Ip Address Added | Sub Rule | Object Added | Access Success |
Ip Address Changed | Sub Rule | Object Modified | Access Success |
Ip Address Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Generated A Url Filter In Custom Rule | Sub Rule | General Audit Messages | Information |
Http Header Added | Sub Rule | Object Added | Access Success |
Http Header Changed | Sub Rule | Object Modified | Access Success |
Http Header Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Access Rate Added | Sub Rule | Object Added | Access Success |
Access Rate Edited | Sub Rule | Object Modified | Access Success |
Access Rate Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Transaction Timeout Added | Sub Rule | Object Added | Access Success |
Transaction Timeout Edited | Sub Rule | Object Modified | Access Success |
Transaction Timeout Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Http Response Added | Sub Rule | Object Added | Access Success |
Http Response Changed | Sub Rule | Object Modified | Access Success |
Http Response Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Content Type Added | Sub Rule | Object Added | Access Success |
Content Type Edited | Sub Rule | Object Modified | Access Success |
Content Type Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Packet Interval Added | Sub Rule | Object Added | Access Success |
Packet Interval Edited | Sub Rule | Object Modified | Access Success |
Packet Interval Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Generated A Custom Rule | Sub Rule | General Audit Messages | Information |
Signature Violation Filter Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Occurrence Filter Added | Sub Rule | Object Added | Access Success |
Occurrence Filter Edited | Sub Rule | Object Modified | Access Success |
Occurrence Filter Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Custom Access Policy Added | Sub Rule | Object Added | Access Success |
Custom Access Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Custom Access Policy Generated | Sub Rule | Object Added | Access Success |
Custom Access Policy Rule Removed | Sub Rule | Object Deleted/Removed | Access Success |
Combination Access Rate Limit Rule Created | Sub Rule | Object Added | Access Success |
Combination Access Rate Limit Rule Changed | Sub Rule | Object Modified | Access Success |
Combination Access Rate Limit Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Combination Access Rate Limit Policy Created | Sub Rule | Object Added | Access Success |
Combination Access Rate Limit Policy Changed | Sub Rule | Object Modified | Access Success |
Combination Access Rate Limit Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Padding Oracle Rule Added | Sub Rule | Object Added | Access Success |
Padding Oracle Rule Edited | Sub Rule | Object Modified | Access Success |
Padding Oracle Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Web Cache Policy Added | Sub Rule | Object Added | Access Success |
Web Cache Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Web Cache Added | Sub Rule | Object Added | Access Success |
Web Cache Changed | Sub Rule | Object Modified | Access Success |
Web Cache Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Vulnerability Scan Schedule Created | Sub Rule | Object Added | Access Success |
Vulnerability Scan Schedule Changed | Sub Rule | Object Modified | Access Success |
Vulnerability Scan Schedule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Vulnerability Scan Profile Created | Sub Rule | Object Added | Access Success |
Vulnerability Scan Profile Changed | Sub Rule | Object Modified | Access Success |
Vulnerability Scan Profile Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Vulnerability Scan Policy Created | Sub Rule | Object Added | Access Success |
Vulnerability Scan Policy Changed | Sub Rule | Object Modified | Access Success |
Vulnerability Scan Policy Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Antidefacement Monitor Created | Sub Rule | Object Added | Access Success |
Antidefacement Monitor Changed | Sub Rule | Object Modified | Access Success |
Antidefacement Monitor Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Antidefacement File Created | Sub Rule | Object Added | Access Success |
Antidefacement File Edited | Sub Rule | Object Modified | Access Success |
Antidefacement File Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Scanner File Imported | Sub Rule | General Audit Messages | Information |
Admin Powered On The Fortiweb | Sub Rule | General Audit Messages | Information |
Admin Rebooted The OS | Sub Rule | Reboot Requested | Information |
Admin Halted The OS | Sub Rule | Reboot Requested | Information |
Admins Inactive Session Timed Out | Sub Rule | Administrative Session Ended | Other Audit |
Admin Uploaded A Data Analytics | Sub Rule | General Audit Messages | Information |
Log Files Deleted | Sub Rule | File Deleted | Information |
Certificate From HSM Downloaded | Sub Rule | General Audit Messages | Information |
Admin Logged In/ Failed Login | Sub Rule | LOGIN_INFORMATION | Information |
Success OR Failed Login Attempt | Sub Rule | LOGIN_INFORMATION | Information |
Logged Out | Sub Rule | Logout Request | Information |
Firmware Upgraded | Sub Rule | General Audit Messages | Information |
Firmware Image Downgraded | Sub Rule | General Audit Messages | Information |
System Config Restored | Sub Rule | Configuration Information | Information |
Requested Database | Sub Rule | Checking Database Server | Information |
Backup FTP/SFTP Success | Sub Rule | General Audit Messages | Information |
System Time Changed | Sub Rule | System Time Updated | Information |
IP Signature File Updated | Sub Rule | General IP Message | Information |
Rewrite Cookie Persistence Policy | Sub Rule | General Policy Agent Information | Information |
HSM Config Changed | Sub Rule | Configuration Information | Information |
Logging Daemon Started | Sub Rule | Daemon Information | Information |
Success OR Failed Login Attempt Into Website | Sub Rule | LOGIN_INFORMATION | Information |
Enduser Successfully Logged In | Sub Rule | LOGIN_INFORMATION | Information |
Defacement Attack Detected | Sub Rule | General Attack Activity | Attack |
Anti Defacement Monitored | Sub Rule | General Audit Messages | Information |
Failover Occurred | Sub Rule | Failover | Error |
Synchronized Configuration From HA | Sub Rule | General Audit Messages | Information |
HA Cluster Added OR Removed | Sub Rule | General CLUSTER Message | Information |
HA Cluster Config Restored | Sub Rule | General CLUSTER Message | Information |
HA Cluster Firmware Restored | Sub Rule | General CLUSTER Message | Information |
Port Status Monitored | Sub Rule | General PORT Message | Information |
IRIS Not Authenticated | Sub Rule | General Audit Messages | Information |
Network Interface Up/Down | Sub Rule | Network Interface | Information |
CPU Usage Too High | Sub Rule | High CPU Usage | Warning |
RAM Usage Too High | Sub Rule | General Audit Messages | Information |
CRL Updated To Server | Sub Rule | General Audit Messages | Information |
Server Pool Available | Sub Rule | General Audit Messages | Information |
Concurrent Sessions Reduced | Sub Rule | Session Information | Information |
Concurrent Sessions Reached | Sub Rule | Session Information | Information |
Customized Data Defnition Deleted | Sub Rule | Object Deleted/Removed | Access Success |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
N/A | N/A | N/A | Vendor or organization name. |
N/A | N/A | N/A | Product or service name generating the event. |
N/A | <version> | Number | Version number. |
N/A | <vmid> | Number | log_id |
N/A | <vendorinfo> | Text/String | Description. |
N/A | <severity> | Text/String | Severity level of the event. |
cat | <objecttype> | Text/String |
|
act | <action> | Text/String | N/A |
deviceExternalId | N/A | N/A | N/A |
sourceServiceName | N/A | N/A | N/A |
spriv | N/A | N/A | N/A |
outcome | <result> | Text/String | N/A |
msg | <subject> | Text/String | N/A |
cs1 | N/A | N/A | N/A |
cs1Label | N/A | N/A | N/A |
cs2 | N/A | N/A | N/A |
cs2Label | N/A | N/A | N/A |