FortiSandbox logs
FortiAnalyzer supports normalizing FortiSandbox logs as Fabric logs.
The following field mapping applies:
|
FortiSandbox Log Field |
Normalized Fabric Log Field |
|---|---|
|
loguid,id |
loguid |
|
epid |
epid |
|
euid |
euid |
| devid,device_id | data_sourceid |
| data_source_name | data_sourcename |
|
data_sourcetype |
data_sourcetype |
| data_timestamp | data_timestamp |
| vmos | app_cat |
| jobid,sid | app_id |
| vmname | app_name |
| pid | app_proc |
| rsrc | app_ref |
| service | app_service |
| vmkey | app_ver |
| dstip | dst_ip |
| dstport | dst_port |
| concat_eventaction,snmpaction | event_action |
| logid,log_id | event_id |
| msg | event_message |
| letype | event_ref |
| level | event_severity |
| subtype | event_subtype |
| type | event_type |
| ftype | file_ext |
| file_hash | file_hash |
| file_hash_type | file_hashtype |
| fname | file_name |
| filepath | file_path |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| host_ip | host_ip |
| host_mac | host_mac |
| hostname,host,host_name | host_name |
| host_osname | host_osname |
| host_osver | host_osver |
| host_type | host_type |
| host_uid | host_uid |
| url | http_url |
| emlsndr | mail_from |
| subject | mail_subject |
| emlrcvr | mail_to |
| proto | net_proto |
| srcip | src_ip |
| srcport | src_port |
| attackname,mname | threat_name |
| risk | threat_severity |
| stype | user_classification |
| ui | user_domain |
| user_email | |
| user,unauthuser,suser | user_id |