Parsers and Generated Fields
Tag Fields Created by Parser fortinet-fortigate
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser fortinet-fortigate
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.agent | agent.original |
| Vendor.rcvdbyte | destination.bytes |
| Vendor.dstip | destination.ip |
| Vendor.remip | destination.ip |
| Vendor.tranip | destination.nat.ip |
| Vendor.tranport | destination.nat.port |
| Vendor.rcvdpkt | destination.packets |
| Vendor.dst | destination.port |
| Vendor.dstport | destination.port |
| Vendor.remport | destination.port |
| Vendor.dstuser | destination.user.name |
| Vendor.xid | dns.id |
| Vendor.qclass | dns.question.class |
| Vendor.qname | dns.question.name |
| Vendor.qtype | dns.question.type |
| Vendor.subject | email.subject |
| Vendor.error | error.code |
| Vendor.action | event.action |
| Vendor.eventtype | event.action |
| Vendor.sess | event.duration |
| Vendor.event | event.id |
| Vendor.eventid | event.id |
| Vendor.error | event.message |
| Vendor.ref | event.reference |
| Vendor.extension | file.extension |
| Vendor.infectedfiletype | file.extension |
| Vendor.matchedfiletype | file.extension |
| Vendor.filename | file.name |
| Vendor.infectedfilename | file.name |
| Vendor.matchedfilename | file.name |
| Vendor.file | file.path |
| Vendor.filesize | file.size |
| Vendor.infectedfilesize | file.size |
| Vendor.filetype | file.type |
| Vendor.srcname | host.name |
| Vendor.crlevel | level |
| Vendor.level | log.level |
| Vendor.dstcity | name |
| Vendor.dstcountry | name |
| Vendor.dstregion | name |
| Vendor.scertcname | name[0] |
| tls.client.issuer | name[0] |
| tls.server.issuer | name[0] |
| Vendor.app | network.application |
| source.bytes | network.bytes |
| source.packets | network.packets |
| Vendor.devid | number |
| Vendor.proto | number |
| Vendor.dst | observer.egress.interface.name |
| Vendor.dstintf | observer.egress.interface.name |
| Vendor.dstintfrole | observer.egress.zone |
| Vendor.src | observer.ingress.interface.name |
| Vendor.srcintf | observer.ingress.interface.name |
| Vendor.srcintfrole | observer.ingress.zone |
| Vendor.devname | observer.name |
| event.module | observer.product |
| Vendor.app | process.name |
| Vendor.appcat | rule.category |
| Vendor.catdesc | rule.category |
| Vendor.comment | rule.description |
| Vendor.logdesc | rule.description |
| Vendor.msg | rule.description |
| Vendor.policyid | rule.id |
| Vendor.policyname | rule.name |
| Vendor.applist | rule.ruleset |
| Vendor.policytype | rule.ruleset |
| Vendor.profile | rule.ruleset |
| Vendor.poluuid | rule.uuid |
| Vendor.crscore | score |
| Vendor.sentbyte | source.bytes |
| source.ip | source.geo |
| Vendor.locip | source.ip |
| Vendor.srcip | source.ip |
| Vendor.transip | source.nat.ip |
| Vendor.transport | source.nat.port |
| Vendor.sentpkt | source.packets |
| Vendor.locport | source.port |
| Vendor.src | source.port |
| Vendor.srcport | source.port |
| Vendor.group | source.user.group.name |
| Vendor.unauthuser | source.user.name |
| Vendor.user | source.user.name |
| Vendor.ccertissuer | tls.client.issuer |
| Vendor.scertissuer | tls.server.issuer |
| Vendor.url | url.path |
| source.user.name | user.name |
| Vendor.dtype | vulnerability.category |