FortiEDR logs
FortiAnalyzer supports normalizing FortiEDR logs as Fabric logs.
The following field mapping applies:
FortiEDR Log Field | Normalized Fabric Log Field
---|---
loguid, id | loguid
epid | epid
euid | euid
devid | data_sourceid
device_name, devid | data_sourcename
data_sourcetype | data_sourcetype
data_timestamp | data_timestamp
component_type | app_cat
data_id | app_id
component_name | app_name
autonomous_system | app_ref
device_state | app_state
action | event_action
event_id | event_id
event_message | event_message
destination | event_outcome
rule_list | event_policy
severity | event_severity
classification | event_subtype
event_type | event_type
last_seen | file_accesstime
first_seen | file_createtime
process_hash | file_hash
process_name, script, remediation_files | file_name
process_path, script_path | file_path
source_ip | host_ip
mac_address | host_mac
device_name | host_name
operating_system | host_osname
remote_connection | http_method
organization | src_domain
country | src_geo
source_ip | src_ip
action | threat_action
siem_threat_name | threat_name
siem_threat_pattern | threat_pattern
siem_threat_type | threat_type
users | user_id
user_name | user_name

Rows that list several FortiEDR fields (for example process_name, script, remediation_files) all feed the same normalized field; a FortiEDR field that appears in more than one row (source_ip, device_name, devid, action) populates each of the listed normalized fields.
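The following is an added example, not Fortinet code, showing how the mapping in this table can be applied outside FortiAnalyzer (for instance to feed FortiEDR JSON exports into a third-party SIEM with the same Fabric field names). The mapping itself is taken from the table above; the precedence rule for rows with several source fields (the first listed field that is present wins), the `normalize_fortiedr` and `unmapped_fields` helper names, and the sample FortiEDR record are assumptions made for illustration and are not documented behaviour of FortiAnalyzer.

```python
"""Normalize FortiEDR records into FortiAnalyzer-style Fabric log fields.

Added example; not Fortinet's code. The field pairs come from the
FortiEDR-to-Fabric mapping table; the precedence rule and the sample
record below are assumptions for illustration only.
"""
from __future__ import annotations

import json
from typing import Any

# (normalized Fabric field, FortiEDR source fields in assumed priority order).
# A source field may appear under several targets (source_ip, device_name,
# devid, action), which fans one FortiEDR value out to multiple Fabric fields.
FIELD_MAP: list[tuple[str, list[str]]] = [
    ("loguid", ["loguid", "id"]),
    ("epid", ["epid"]),
    ("euid", ["euid"]),
    ("data_sourceid", ["devid"]),
    ("data_sourcename", ["device_name", "devid"]),
    ("data_sourcetype", ["data_sourcetype"]),
    ("data_timestamp", ["data_timestamp"]),
    ("app_cat", ["component_type"]),
    ("app_id", ["data_id"]),
    ("app_name", ["component_name"]),
    ("app_ref", ["autonomous_system"]),
    ("app_state", ["device_state"]),
    ("event_action", ["action"]),
    ("event_id", ["event_id"]),
    ("event_message", ["event_message"]),
    ("event_outcome", ["destination"]),
    ("event_policy", ["rule_list"]),
    ("event_severity", ["severity"]),
    ("event_subtype", ["classification"]),
    ("event_type", ["event_type"]),
    ("file_accesstime", ["last_seen"]),
    ("file_createtime", ["first_seen"]),
    ("file_hash", ["process_hash"]),
    ("file_name", ["process_name", "script", "remediation_files"]),
    ("file_path", ["process_path", "script_path"]),
    ("host_ip", ["source_ip"]),
    ("host_mac", ["mac_address"]),
    ("host_name", ["device_name"]),
    ("host_osname", ["operating_system"]),
    ("http_method", ["remote_connection"]),
    ("src_domain", ["organization"]),
    ("src_geo", ["country"]),
    ("src_ip", ["source_ip"]),
    ("threat_action", ["action"]),
    ("threat_name", ["siem_threat_name"]),
    ("threat_pattern", ["siem_threat_pattern"]),
    ("threat_type", ["siem_threat_type"]),
    ("user_id", ["users"]),
    ("user_name", ["user_name"]),
]

_KNOWN_SOURCES = {src for _, sources in FIELD_MAP for src in sources}


def normalize_fortiedr(record: dict[str, Any]) -> dict[str, Any]:
    """Map a FortiEDR record to Fabric field names.

    For each target the first listed source field that is present and
    non-empty is used (assumed precedence). Targets with no usable source
    are omitted rather than emitted as None, so downstream parsers can
    distinguish "absent" from "empty".
    """
    normalized: dict[str, Any] = {}
    for target, sources in FIELD_MAP:
        for src in sources:
            value = record.get(src)
            if value not in (None, ""):
                normalized[target] = value
                break
    return normalized


def normalize_json_line(line: str) -> dict[str, Any]:
    """Convenience wrapper for one JSON-encoded FortiEDR record per line."""
    return normalize_fortiedr(json.loads(line))


def unmapped_fields(record: dict[str, Any]) -> set[str]:
    """Return FortiEDR keys the table does not cover, so they are not lost silently."""
    return set(record) - _KNOWN_SOURCES


# Constructed sample record shaped like a FortiEDR event; values are invented.
SAMPLE_EVENT: dict[str, Any] = {
    "id": "123456",
    "epid": "1001",
    "devid": "FEDR-COLLECTOR-1",
    "device_name": "WS-FIN-042",
    "data_timestamp": "2024-05-01T10:15:30Z",
    "component_type": "Execution",
    "component_name": "powershell.exe",
    "action": "Blocked",
    "event_id": "987",
    "event_message": "Suspicious script execution blocked",
    "rule_list": "Malicious File Detected",
    "severity": "Critical",
    "classification": "Malicious",
    "process_hash": "0123456789abcdef0123456789abcdef01234567",
    "process_name": "powershell.exe",
    "process_path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "source_ip": "10.20.30.40",
    "mac_address": "00-11-22-33-44-55",
    "operating_system": "Windows 10",
    "country": "US",
    "users": "ACME\\jdoe",
    "user_name": "jdoe",
    "custom_tag": "not in the mapping table",
}

if __name__ == "__main__":
    print(json.dumps(normalize_fortiedr(SAMPLE_EVENT), indent=2))
    print("unmapped:", sorted(unmapped_fields(SAMPLE_EVENT)))
```

Running the module prints the normalized record and flags `custom_tag` as a field the table does not cover; the `unmapped_fields` check is worth keeping in any real pipeline, because silently dropping unknown EDR fields is how evidence goes missing during an investigation.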