Attack Log Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Attack Log Messages | Base Rule | General Attack Activity | Attack |
| Signature Policy | Sub Rule | Signature Information | Information |
| Known Bots Detection | Sub Rule | Security Violation | Other Security |
| HTTP Method Violation | Sub Rule | Security Violation | Other Security |
| HTTP Host Violation | Sub Rule | Security Violation | Other Security |
| Page Access Rule Violation | Sub Rule | Security Violation | Other Security |
| Start Page Violation | Sub Rule | Security Violation | Other Security |
| Parameter Name | Sub Rule | General Attack Activity | Attack |
| Block List IP Blocked | Sub Rule | Access Blocked | Information |
| URL Access Rule Violation | Sub Rule | Rule Violation | Warning |
| Custom Signature Rule Violation | Sub Rule | Rule Violation | Warning |
| Brute Force Login Violation | Sub Rule | Brute Force Activity | Attack |
| Hidden Field Manipulation | Sub Rule | Security Violation | Other Security |
| User Defined In Site Locked Out | Sub Rule | Security Violation | Other Security |
| HTTP Parsing Error | Sub Rule | General Error Log Message | Error |
| DoS Protection Violation | Sub Rule | Security Violation | Other Security |
| SYN Flood Protection | Sub Rule | Security Violation | Other Security |
| HTTPS Connection Failure | Sub Rule | HTTPS Connection Error | Error |
| File Upload Restrictions Violation | Sub Rule | Security Violation | Other Security |
| Unauthorized Geo IP | Sub Rule | Unauthorized Activity | Misuse |
| Custom Access Rule Violation | Sub Rule | Security Violation | Other Security |
| IP Reputation Violation | Sub Rule | Security Violation | Other Security |
| Padding Oracle Attack | Sub Rule | General Attack Activity | Attack |
| CSRF Detection | Sub Rule | Security Violation | Other Security |
| Quarantined IPs | Sub Rule | Security Violation | Other Security |
| HTTP Protocol Constraints Violation | Sub Rule | Security Violation | Other Security |
| Credential Stuffing Defense Violation | Sub Rule | Security Violation | Other Security |
| User Tracking Rules Violation | Sub Rule | Security Violation | Other Security |
| XML Validation Violation | Sub Rule | Security Violation | Other Security |
| Cookie Security Violation | Sub Rule | Security Violation | Other Security |
| FTP Command Restriction | Sub Rule | FTP Command Denied | Failed Activity |
| Session Was Timed Out | Sub Rule | Session Closed | Information |
| FTP File Security Violation | Sub Rule | Security Violation | Other Security |
| FTPS Connection Failure | Sub Rule | Security Violation | Other Security |
| Machine Learning Anomaly Detection Violation | Sub Rule | Security Violation | Other Security |
| OpenAPI Validation Violation | Sub Rule | Security Violation | Other Security |
| WebSocket Security Violation | Sub Rule | Security Violation | Other Security |
| MiTB AJAX Security Violation | Sub Rule | Security Violation | Other Security |
| Machine Learning Bot Detection Violation | Sub Rule | Security Violation | Other Security |
| CORS Check Security Violation | Sub Rule | Security Violation | Other Security |
| JSON Validation Security Violation | Sub Rule | Security Violation | Other Security |
| Mobile API Protection Rule Violation | Sub Rule | Security Violation | Other Security |
| BOT Deception Violation | Sub Rule | Possible Botnet Activity | Malware |
| BOT Biometrics Based Detection Violation | Sub Rule | Security Violation | Other Security |
| BOT Threshold Based Detection Violation | Sub Rule | Security Violation | Other Security |
| URL Encryption Violation | Sub Rule | Security Violation | Other Security |
| Client Management Violation | Sub Rule | Security Violation | Other Security |
| IP Not In Allow Only List Was Blocked | Sub Rule | Access Blocked | Information |
| Web Shell Detection Violation | Sub Rule | Security Violation | Other Security |
| Zero Trust Access Violation | Sub Rule | Security Violation | Other Security |
| GRPC Security Violation | Sub Rule | Security Violation | Other Security |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
| N/A | N/A | N/A | Vendor or organization name. |
| N/A | N/A | N/A | Product or service name generating the event. |
| N/A | <version> | Numbers | Version number. |
| N/A | <vmid>, <tag1> | Numbers | log_id |
| N/A | <vendorinfo> | Text/String | Description |
| N/A | <severity> | Text/String | Severity level of the event. |
| cat | <objecttype> | Text/String | N/A |
| act | <action> | Text/String | N/A |
| deviceExternalId | N/A | N/A | N/A |
| deviceProcessName | <process> | Text/String | N/A |
| sourceServiceName | N/A | N/A | N/A |
| proto | <protname> | Text/String | N/A |
| app | <object> | Text/String | N/A |
| src | <sip> | IP Address | N/A |
| spt | <sport> | Numbers | N/A |
| dst | <dip> | IP Address | N/A |
| dpt | <dport> | Numbers | N/A |
| requestMethod | <command> | Text/String | N/A |
| request | N/A | N/A | N/A |
| requestClientApplication | <useragent> | Text/String | N/A |
| dhost | <dname> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| cn1 | N/A | N/A | N/A |
| cn1Label | N/A | N/A | N/A |
| cs1 | N/A | N/A | N/A |
| cs1Label | N/A | N/A | N/A |
| cs2 | N/A | N/A | N/A |
| cs2Label | N/A | N/A | N/A |
| cs3 | N/A | N/A | N/A |
| cs3Label | N/A | N/A | N/A |
| cs4 | N/A | N/A | N/A |
| cs4Label | N/A | N/A | N/A |
| cs5 | N/A | N/A | N/A |
| cs5Label | N/A | N/A | N/A |
| cs6 | N/A | N/A | N/A |
| cs6Label | N/A | N/A | N/A |
