Fortinet FortiNAC: Fortinet FortiNAC Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
Fortinet FortiNAC Events | Base Rule | General Information Log Message | Information |
Telnet Server Timeout | Sub Rule | Server Timed Out | Information |
SSH Session Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
MDM Poll Success | Sub Rule | Successful Activity | Other Audit Success |
L2 Poll Failed | Sub Rule | General Failed Activity | Failed Activity |
Entitlement Polling Success | Sub Rule | Successful Activity | Other Audit Success |
Directory Synchronization Success | Sub Rule | Synchronization Finished | Information |
Directory User Disabled | Sub Rule | Account Disabled | Access Revoked |
Disable Host Success | Sub Rule | Host Disabled | Other Audit |
Synchronize Users With Directory Success | Sub Rule | Synchronization Finished | Information |
Admin User Timed Out | Sub Rule | User Disconnected Due To Time Out | Information |
Database Backup Success | Sub Rule | Backup Succeeded | Information |
Adapter Destroyed | Sub Rule | Host Adapter Information | Information |
Admin User Login Success | Sub Rule | LOGIN_INFORMATION | Information |
RADIUS Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
Contact Established | Sub Rule | Communication Established | Information |
Contact Lost | Sub Rule | Cannot Contact Target Host | Warning |
Device Created | Sub Rule | Device Allocated | Other Audit Success |
Device Destroyed | Sub Rule | Device De-Allocated | Other Audit Success |
Device Profiling Automatic Registration | Sub Rule | Device Registered | Other Audit Success |
Device Rule Confirmation Success | Sub Rule | General Information Log Message | Information |
DHCP Host Name Changed | Sub Rule | General DHCP | Information |
Host Destroyed | Sub Rule | Host Not Found | Warning |
Host Passed Security Test | Sub Rule | General Host Information | Information |
Invalid Physical Address | Sub Rule | Invalid IP Address | Warning |
Management Lost | Sub Rule | General Host Information | Information |
MDM Poll Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
Port Uplink Configuration Modified | Sub Rule | General Information Log Message | Information |
Possible MAC Address Spoof | Sub Rule | General Information Log Message | Information |
RADIUS NAS Client Modified | Sub Rule | General Information Log Message | Information |
Report Generation Success | Sub Rule | General Information Log Message | Information |
REST API Failure | Sub Rule | General Information Log Message | Information |
Security Risk Host | Sub Rule | General Host Warning | Warning |
Service Restarted - Radius | Sub Rule | Service Start | Startup and Shutdown |
Service Started - Radius | Sub Rule | Service Start | Startup and Shutdown |
SNMP Failure | Sub Rule | SNMP Activity | Activity |
System Fail Over | Sub Rule | System Failure Occurred | Critical |
User Created | Sub Rule | User Account Created | Account Created |
VLAN Switch Success | Sub Rule | VLAN Manager Alert | Critical |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
Entity ID | N/A | N/A | Entity ID |
Entity IP address | <dip> | IP Address | Entity IP address |
Entity Name | <dname> | Text/String | Entity Name |
Entity physical address | <dmac> | Text/String | Entity physical address |
Event Name | <vendorinfo> | Text/String | Name of the event that generated the syslog message. |
Header | N/A | N/A | Syslog category: the defined facility and severity. |
ID | <object> | Number | Database ID, AlarmID or ElementID |
Log Message | <subject> | Text/String | Log Message |
Log Time | N/A | N/A | Log time. |
Log Type | <vmid> | Number | Log type: |
Severity | <severity> | Number | Severity: |
Syslog Time | N/A | N/A | Time of the syslog generation. |
user ID | <account> | Text/String | Unique Identifier (user ID) |