Parsers and Generated Fields

Tag Fields Created by Parser fortinet-fortigate
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser fortinet-fortigate

Source Field | LogScale Repository Field |
---|---|
Vendor.agent | agent.original |
Vendor.rcvdbyte | destination.bytes |
Vendor.dstip | destination.ip |
Vendor.remip | destination.ip |
Vendor.tranip | destination.nat.ip |
Vendor.tranport | destination.nat.port |
Vendor.rcvdpkt | destination.packets |
Vendor.dst | destination.port |
Vendor.dstport | destination.port |
Vendor.remport | destination.port |
Vendor.dstuser | destination.user.name |
Vendor.xid | dns.id |
Vendor.qclass | dns.question.class |
Vendor.qname | dns.question.name |
Vendor.qtype | dns.question.type |
Vendor.subject | email.subject |
Vendor.error | error.code |
Vendor.action | event.action |
Vendor.eventtype | event.action |
Vendor.sess | event.duration |
Vendor.event | event.id |
Vendor.eventid | event.id |
Vendor.error | event.message |
Vendor.ref | event.reference |
Vendor.extension | file.extension |
Vendor.infectedfiletype | file.extension |
Vendor.matchedfiletype | file.extension |
Vendor.filename | file.name |
Vendor.infectedfilename | file.name |
Vendor.matchedfilename | file.name |
Vendor.file | file.path |
Vendor.filesize | file.size |
Vendor.infectedfilesize | file.size |
Vendor.filetype | file.type |
Vendor.srcname | host.name |
Vendor.crlevel | level |
Vendor.level | log.level |
Vendor.dstcity | name |
Vendor.dstcountry | name |
Vendor.dstregion | name |
Vendor.scertcname | name[0] |
tls.client.issuer | name[0] |
tls.server.issuer | name[0] |
Vendor.app | network.application |
source.bytes | network.bytes |
source.packets | network.packets |
Vendor.devid | number |
Vendor.proto | number |
Vendor.dst | observer.egress.interface.name |
Vendor.dstintf | observer.egress.interface.name |
Vendor.dstintfrole | observer.egress.zone |
Vendor.src | observer.ingress.interface.name |
Vendor.srcintf | observer.ingress.interface.name |
Vendor.srcintfrole | observer.ingress.zone |
Vendor.devname | observer.name |
event.module | observer.product |
Vendor.app | process.name |
Vendor.appcat | rule.category |
Vendor.catdesc | rule.category |
Vendor.comment | rule.description |
Vendor.logdesc | rule.description |
Vendor.msg | rule.description |
Vendor.policyid | rule.id |
Vendor.policyname | rule.name |
Vendor.applist | rule.ruleset |
Vendor.policytype | rule.ruleset |
Vendor.profile | rule.ruleset |
Vendor.poluuid | rule.uuid |
Vendor.crscore | score |
Vendor.sentbyte | source.bytes |
source.ip | source.geo |
Vendor.locip | source.ip |
Vendor.srcip | source.ip |
Vendor.transip | source.nat.ip |
Vendor.transport | source.nat.port |
Vendor.sentpkt | source.packets |
Vendor.locport | source.port |
Vendor.src | source.port |
Vendor.srcport | source.port |
Vendor.group | source.user.group.name |
Vendor.unauthuser | source.user.name |
Vendor.user | source.user.name |
Vendor.ccertissuer | tls.client.issuer |
Vendor.scertissuer | tls.server.issuer |
Vendor.url | url.path |
source.user.name | user.name |
Vendor.dtype | vulnerability.category |