FortiDeceptor logs
FortiAnalyzer supports normalizing FortiDeceptor logs as Fabric logs.
The following field mapping applies:
|
FortiDeceptor Log Field |
Normalized Fabric Log Field |
|---|---|
| loguid,id | loguid |
| epid | epid |
| euid | euid |
| devid | data_sourceid |
| data_source_name | data_sourcename |
| data_sourcetype | data_sourcetype |
| dtime | data_timestamp |
| service | app_service |
| victimip | dst_ip |
| action | event_action |
| eventid | event_id |
| msg | event_message |
| status | event_outcome |
| level | event_severity |
| subtype | event_subtype |
| type | event_type |
| host_classification | host_classification |
| host_hwvendor | host_hwvendor |
| host_hwver | host_hwver |
| host_ip | host_ip |
| host_mac | host_mac |
| host_name | host_name |
| host_osname | host_osname |
| host_osver | host_osver |
| host_type | host_type |
| host_uid | host_uid |
| attackerip | src_ip |
| user | user_id |
| username | user_name |