Attack Log Messages | LogRhythm Documentation

Vendor Documentation

https://docs.fortinet.com/document/fortiweb/7.6.0/log-message-reference/445549/attack

Classification

Rule Name	Rule Type	Common Event	Classification
Attack Log Messages	Base Rule	General Attack Activity	Attack
Signature Policy	Sub Rule	Signature Information	Information
Known Bots Detection	Sub Rule	Security Violation	Other Security
HTTP Method Violation	Sub Rule	Security Violation	Other Security
HTTP Host Violation	Sub Rule	Security Violation	Other Security
Page Access Rule Violation	Sub Rule	Security Violation	Other Security
Start Page Violation	Sub Rule	Security Violation	Other Security
Parameter Name	Sub Rule	General Attack Activity	Attack
Block List IP Blocked	Sub Rule	Access Blocked	Information
URL Access Rule Violation	Sub Rule	Rule Violation	Warning
Custom Signature Rule Violation	Sub Rule	Rule Violation	Warning
Brute Force Login Violation	Sub Rule	Brute Force Activity	Attack
Hidden Field Manipulation	Sub Rule	Security Violation	Other Security
User Defined In Site Locked Out	Sub Rule	Security Violation	Other Security
HTTP Parsing Error	Sub Rule	General Error Log Message	Error
DoS Protection Violation	Sub Rule	Security Violation	Other Security
SYN Flood Protection	Sub Rule	Security Violation	Other Security
HTTPS Connection Failure	Sub Rule	HTTPS Connection Error	Error
File Upload Restrictions Violation	Sub Rule	Security Violation	Other Security
Unauthorized Geo IP	Sub Rule	Unauthorized Activity	Misuse
Custom Access Rule Violation	Sub Rule	Security Violation	Other Security
IP Reputation Violation	Sub Rule	Security Violation	Other Security
Padding Oracle Attack	Sub Rule	General Attack Activity	Attack
CSRF Detection	Sub Rule	Security Violation	Other Security
Quarantined IPs	Sub Rule	Security Violation	Other Security
HTTP Protocol Constraints Violation	Sub Rule	Security Violation	Other Security
Credential Stuffing Defense Violation	Sub Rule	Security Violation	Other Security
User Tracking Rules Violation	Sub Rule	Security Violation	Other Security
XML Validation Violation	Sub Rule	Security Violation	Other Security
Cookie Security Violation	Sub Rule	Security Violation	Other Security
FTP Command Restriction	Sub Rule	FTP Command Denied	Failed Activity
Session Was Timed Out	Sub Rule	Session Closed	Information
FTP File Security Violation	Sub Rule	Security Violation	Other Security
FTPS Connection Failure	Sub Rule	Security Violation	Other Security
Machine Learning Anomaly Detection Violation	Sub Rule	Security Violation	Other Security
OpenAPI Validation Violation	Sub Rule	Security Violation	Other Security
WebSocket Security Violation	Sub Rule	Security Violation	Other Security
MiTB AJAX Security Violation	Sub Rule	Security Violation	Other Security
Machine Learning Bot Detection Violation	Sub Rule	Security Violation	Other Security
CORS Check Security Violation	Sub Rule	Security Violation	Other Security
JSON Validation Security Violation	Sub Rule	Security Violation	Other Security
Mobile API Protection Rule Violation	Sub Rule	Security Violation	Other Security
BOT Deception Violation	Sub Rule	Possible Botnet Activity	Malware
BOT Biometrics Based Detection Violation	Sub Rule	Security Violation	Other Security
BOT Threshold Based Detection Violation	Sub Rule	Security Violation	Other Security
URL Encryption Violation	Sub Rule	Security Violation	Other Security
Client Management Violation	Sub Rule	Security Violation	Other Security
IP Not In Allow Only List Was Blocked	Sub Rule	Access Blocked	Information
Web Shell Detection Violation	Sub Rule	Security Violation	Other Security
Zero Trust Access Violation	Sub Rule	Security Violation	Other Security
GRPC Security Violation	Sub Rule	Security Violation	Other Security

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10).
N/A	N/A	N/A	Vendor or organization name.
N/A	N/A	N/A	Product or service name generating the event.
N/A	<version>	Numbers	Version number.
N/A	<vmid> <tag1>	Numbers	log_id
N/A	<vendorinfo>	Text/String	Description
N/A	<severity>	Text/String	Severity level of the event.
cat	<objecttype>	Text/String	N/A
act	<action>	Text/String	N/A
deviceExternalId	N/A	N/A	N/A
deviceProcessName	<process>	Text/String	N/A
sourceServiceName	N/A	N/A	N/A
proto	<protname>	Text/String	N/A
app	<object>	Text/String	N/A
src	<sip>	IP Address	N/A
spt	<sport>	Numbers	N/A
dst	<dip>	IP Address	N/A
dpt	<dport>	Numbers	N/A
requestMethod	<command>	Text/String	N/A
request	N/A	N/A	N/A
requestClientApplication	<useragent>	Text/String	N/A
dhost	<dname>	Text/String	N/A
msg	<subject>	Text/String	N/A
cn1	N/A	N/A	N/A
cn1Label	N/A	N/A	N/A
cs1	N/A	N/A	N/A
cs1Label	N/A	N/A	N/A
cs2	N/A	N/A	N/A
cs2Label	N/A	N/A	N/A
cs3	N/A	N/A	N/A
cs3Label	N/A	N/A	N/A
cs4	N/A	N/A	N/A
cs4Label	N/A	N/A	N/A
cs5	N/A	N/A	N/A
cs5Label	N/A	N/A	N/A
cs6	N/A	N/A	N/A
cs6Label	N/A	N/A	N/A