V 2.0 : FortiAnalyzer Event
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : FortiAnalyzer Event | Base Rule | General Event Log Information | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
Action | <action> | Text/String | Records the action taken, if applicable. |
Date | N/A | N/A | The year, month, and day when the event occurred in the format: YY-MM-DD. |
Time | N/A | N/A | The hour, minute, and second of when the event occurred. |
Description | N/A | N/A | The activity or event recorded by the FortiAnalyzer unit. |
Device ID | N/A | N/A | An identification number for the device that recorded the event. |
Device Time | N/A | N/A | The year, month, and day when the event occurred in the format: YY-MM-DD. It also includes the hour, minute, and second of when the event occurred. |
ID | <vmid> | Number | A ten-digit number that identifies the log type. The first two digits represent the log type, and the following two digits represent the log subtype. The last six digits represent the message ID number. |
Level | <severity> | Text/String | The severity level or priority of the event. There are several severity or priority levels. |
Msg | <subject> | Text/String | A description of the activity or event recorded by the FortiAnalyzer unit. |
Subtype | <objecttype> | Text/String | The subtype of each log message. |
Type | <object> | Text/String | The section of the system where the event occurred. |
User | <login> | Text/String | The name of the user creating the traffic. |
User From | N/A | N/A | Where the user initiated the activity or event, if applicable. |