Mappings: Fortinet Virus Logs
Input | Value |
---|---|
Vendor | Fortinet |
Product | Fortigate |
Log Format | JSON |
Event ID Regex Pattern | utm-virus |
Output | Value |
---|---|
Vendor | Fortinet |
Product | Fortigate |
Record Type | Network |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | action | |
baseImage | filename | |
description | msg | |
device_hostname | devname | |
device_uniqueId | devid | |
dstDevice_ip | dstip | |
dstPort | dstport | |
file_basename | filename | |
file_hash_sha256 | analyticscksum | |
http_url | http_url | |
http_userAgent | agent | |
ipProtocol | proto | |
normalizedSeverity | crlevel | This is a lookup field. More info to come in the catalog later... |
severity | crlevel | |
srcDevice_ip | srcip | |
srcPort | srcport | |
success | action | This is a lookup field. More info to come in the catalog later... |
threat_name | virus | |
threat_ruleType | None | The static text malware is populated in this schema field. |
timestamp | _starttime | We expect the orginal record value of _starttime is in the format epoch_ms |
user_username | user |