V 2.0 : FortiAnalyzer Application Event
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : FortiAnalyzer Application Event | Base Rule | General Application Information | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
Date/Time | N/A | N/A | The hour, minute, and second when the event occurred. |
Description (desc) | N/A | N/A | A description of the activity or event recorded by the FortiAnalyzer unit. |
Destination End User ID (dsteuid) | N/A | N/A | An identification number for the destination end user. |
Destination Endpoint ID (dstepid) | N/A | N/A | An identification number for the destination endpoint. |
Device ID (devid) | N/A | N/A | An identification number for the device that recorded the event. |
Device Name (devname) | N/A | N/A | The name of the device that recorded the event. |
Device Time (dtime) | N/A | N/A | The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred. |
End User ID (euid) | N/A | N/A | An identification number for the end user. |
Endpoint ID (epid) | N/A | N/A | An identification number for the endpoint user. |
Event ID (id) | N/A | N/A | An identification number for the event. |
Event Type (eventtype) | <action> | Text/String | The type of event recorded. |
Level (level) | <severity> | Text/String | The severity level or priority of the event. There are several severity or priority levels. |
Log ID (logid) | <vmid> | Number | The message ID number. |
Message (msg) | <subject> | Text/String | Explains the activity or event that the FortiAnalyzer unit recorded. |
Playbook name (playbook_name) | N/A | N/A | The name of the playbook. |
Status (status) | <status> | Text/String | The status of the playbook. |
Subtype (subtype) | <objecttype> | Text/String | The subtype of each log message. |
Task Name (task_name) | N/A | N/A | The name of the playbook task. |
Trigger Name (trigger_name) | N/A | N/A | The identification number for the trigger. |
Trigger Type (trigger_type) | N/A | N/A | The type of trigger. |
Type (type) | <object> | Text/String | The section of the system where the event occurred. |
User (user) | <login> | Text/String | The name of the user creating the traffic. |
User From (user_from) | N/A | N/A | Where the user initiated the activity or event, if applicable. |
Virtual Domain (vd) | <domainorigin> | Text/String | The name of the VDOM, if applicable. |
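The following is an added example, not LogRhythm's parser or Fortinet's code. It applies the mapping table above to one FortiAnalyzer-style log line: keys the table routes to a LogRhythm schema field are renamed to that field (with logid converted to a number, as the table's data type says), and keys the table marks N/A are kept in a separate "unmapped" dict so they are visible rather than silently dropped. It assumes FortiAnalyzer emits space-separated key=value pairs with double-quoted values; the sample line, its field values and the helper names are constructed for this example.

```python
import re

# Log keys -> LogRhythm schema fields, taken from the mapping table on this page.
# Keys the table lists as N/A are intentionally absent; they are reported as unmapped.
KEY_TO_SCHEMA = {
    "eventtype": "action",
    "level": "severity",
    "logid": "vmid",
    "msg": "subject",
    "status": "status",
    "subtype": "objecttype",
    "type": "object",
    "user": "login",
    "vd": "domainorigin",
}

# Assumption: FortiAnalyzer writes space-separated key=value pairs; values that
# contain spaces are wrapped in double quotes and bare values contain no whitespace.
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_kv(line: str) -> dict:
    """Split one FortiAnalyzer-style line into a {key: value} dict, stripping quotes."""
    fields = {}
    for key, raw in _KV_RE.findall(line):
        fields[key] = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
    return fields


def to_logrhythm(line: str) -> dict:
    """Return {"mapped": {schema_field: value}, "unmapped": {key: value}}.

    'mapped' holds the fields the table routes to a LogRhythm schema field;
    everything else is kept under 'unmapped' so a new Fortinet key or a parser
    regression is visible downstream instead of disappearing.
    """
    fields = parse_kv(line)
    mapped, unmapped = {}, {}
    for key, value in fields.items():
        schema = KEY_TO_SCHEMA.get(key)
        if schema is None:
            unmapped[key] = value
        elif schema == "vmid":
            # The table types <vmid> as Number; keep the raw text if it is not
            # numeric so a malformed line is still observable rather than crashing.
            mapped[schema] = int(value) if value.isdigit() else value
        else:
            mapped[schema] = value
    return {"mapped": mapped, "unmapped": unmapped}


# Constructed sample line (not a real FortiAnalyzer record); all values are made up.
SAMPLE_LINE = (
    'date=2024-05-01 time=10:15:32 logid="0000000001" devid="FAZ-LAB-0001" '
    'devname="faz-lab" type="event" subtype="playbook" level="notice" vd="root" '
    'user="admin" msg="Playbook task finished" status="success" '
    'playbook_name="Enrich incident" task_name="Lookup indicator" '
    'trigger_type="manual" eventtype="playbook"'
)

if __name__ == "__main__":
    result = to_logrhythm(SAMPLE_LINE)
    for schema_field, value in sorted(result["mapped"].items()):
        print(f"<{schema_field}> = {value!r}")
    print("unmapped keys:", ", ".join(sorted(result["unmapped"])))
```

Keeping the N/A keys in the output is deliberate: playbook_name, task_name and trigger_type carry the context an analyst needs when a <status> of failure on a playbook event is investigated, even though the base rule does not route them into a schema field.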