Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : FortiAnalyzer Application Event | Base Rule | General Application Information | Information |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Date/Time | N/A | N/A | The hour, minute, and second when the event occurred. |
| Description (desc) | N/A | N/A | A description of the activity or event recorded by the FortiAnalyzer unit. |
| Destination End User ID (dsteuid) | N/A | N/A | An identification number for the destination end user. |
| Destination Endpoint ID (dstepid) | N/A | N/A | An identification number for the destination endpoint. |
| Device ID (devid) | N/A | N/A | An identification number for the device that recorded the event. |
| Device Name (devname) | N/A | N/A | The name of the device that recorded the event. |
| Device Time (dtime) | N/A | N/A | The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred. |
| End User ID (euid) | N/A | N/A | An identification number for the end user. |
| Endpoint ID (epid) | N/A | N/A | An identification number for the endpoint user. |
| Event ID (id) | N/A | N/A | An identification number for the event. |
| Event Type (eventtype) | <action> | Text/String | The type of event recorded. |
| Level (level) | <severity> | Text/String | The severity level or priority of the event. There are several severity or priority levels. |
| Log ID (logid) | <vmid> | Number | The message ID number. |
| Message (msg) | <subject> | Text/String | Explains the activity or event that the FortiAnalyzer unit recorded. |
| Playbook name (playbook_name) | N/A | N/A | The name of the playbook. |
| Status (status) | <status> | Text/String | The status of the playbook. |
| Subtype (subtype) | <objecttype> | Text/String | The subtype of each log message. |
| Task Name (task_name) | N/A | N/A | The name of the playbook task. |
| Trigger Name (trigger_name) | N/A | N/A | The identification number for the trigger. |
| Trigger Type (trigger_type) | N/A | N/A | The type of trigger. |
| Type (type) | <object> | Text/String | The section of the system where the event occurred. |
| User (user) | <login> | Text/String | The name of the user creating the traffic. |
| User From (user_from) | N/A | N/A | Where the user initiated the activity or event, if applicable. |
| Virtual Domain (vd) | <domainorigin> | Text/String | The name of the VDOM, if applicable. |
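As an added example (not part of the LogRhythm documentation or the FortiAnalyzer product), the following Python helper parses a FortiAnalyzer key=value event line and applies the mapping in the table above: keys the table maps are renamed to their LogRhythm schema field, logid is enforced as a Number, and keys the table marks N/A are returned separately so a parser check can see exactly what the schema drops. The sample log line, its device names and its logid value are constructed for this example.

```python
import re

# Device key -> LogRhythm schema field, exactly as in the mapping table above.
# Keys the table marks N/A are intentionally absent and are reported as unmapped.
FORTIANALYZER_TO_LOGRHYTHM = {
    "eventtype": "action",
    "level": "severity",
    "logid": "vmid",
    "msg": "subject",
    "status": "status",
    "subtype": "objecttype",
    "type": "object",
    "user": "login",
    "vd": "domainorigin",
}
# The table gives logid -> <vmid> the Number data type; every other mapped field is Text/String.
NUMERIC_SCHEMA_FIELDS = {"vmid"}

# key=value pairs; a value is either a double-quoted string (may contain spaces
# and escaped quotes) or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line):
    """Split a FortiAnalyzer key=value line into a dict, unquoting quoted values."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def map_to_schema(line):
    """Return (mapped, unmapped). mapped uses LogRhythm schema names and typed values;
    unmapped keeps the N/A keys with their raw text so nothing is silently lost."""
    mapped, unmapped = {}, {}
    for key, value in parse_kv(line).items():
        schema = FORTIANALYZER_TO_LOGRHYTHM.get(key)
        if schema is None:
            unmapped[key] = value
            continue
        if schema in NUMERIC_SCHEMA_FIELDS:
            if not value.isdigit():
                raise ValueError(f"{key}={value!r} is not a Number as the schema requires")
            value = int(value)
        mapped[schema] = value
    return mapped, unmapped


# Constructed sample in FortiAnalyzer's key=value style (not a real captured log).
SAMPLE = ('date=2024-03-05 time=10:15:42 devname="FAZ-LAB" devid="FAZ-VM0000000001" '
          'logid=0032001000 type=event subtype=system level=notice vd=root '
          'eventtype=playbook status=success playbook_name="Block IP" '
          'user=admin user_from="GUI(10.0.0.5)" msg="Playbook task finished"')

if __name__ == "__main__":
    mapped, unmapped = map_to_schema(SAMPLE)
    print("mapped:", mapped)
    print("unmapped (N/A in schema):", sorted(unmapped))
```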