Device Details
| Vendor | Fortinet (enSilo) |
|---|---|
| Device Type | Next Generation Anti Virus |
| Supported Model Name/Number | Endpoint Security Product |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | N/A |
| Log Source Type | Syslog - enSilo NGAV |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://www.ensilo.com |

Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| System And Security Process Messages | All | <severity>, <vmid>, <dname>, <status>, <useragent>, <process>, <parentprocesspath>, <objecttype>, <objectname>, <dip>, <subject>, <action>, <seconds>, <vendorinfo>, <threatname>, <login>, <dmac>, <sname> |
| General Information Messages | All | <severity>, <vmid>, <dname>, <status>, <objectname>, <subject>, <login> |
| Catch All | All | <severity> |

Parsed Metadata Fields
| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| Action | Action | Text/String |
| Autonomous System | SName | Text/String |
| Classification / Component Name | ObjectName | Text/String |
| Count | Seconds | Number |
| Destination | DIP | IP Address |
| Destination / Description | Subject | Text/String |
| Device Name / device | DName | Text/String |
| Device State | Status | Text/String |
| Event ID / Event | VMID | Number |
| MAC Address | DMAC | MAC Address |
| Operating System | UserAgent | Text/String |
| Process Name | Process | Text/String |
| Process Path | ParentProcessPath | Text/String |
| Process Type | ObjectType | Text/String |
| Rules List | Policy | Text/String |
| severity | Severity | Text/String |
| Users | Login | Text/String |