Event trigger variables
|
Variable |
Format |
Description |
|---|---|---|
|
devid |
${trigger.devid} |
Device ID |
|
devtype |
${trigger.devtype} |
Device type |
|
dst_epid |
${trigger.dst_epid} |
Destination endpoint ID |
|
dst_epip |
${trigger.dst_epip} |
Destination endpoint IP |
|
dst_epmac |
${trigger.dst_epmac} |
Destination endpoint MAC |
|
dst_epname |
${trigger.dst_epname} |
Destination endpoint name |
|
dst_fctuid |
${trigger.dst_fctuid} |
Destination FortiClient UID |
|
dvid |
${trigger.dvid} |
The dvid is an integer that represents devid+VDOM |
|
epid |
${trigger.epid} |
Endpoint ID |
|
epip |
${trigger.epip} |
Endpoint IP |
|
epmac |
${trigger.epmac} |
Endpoint MAC |
|
epname |
${trigger.epname} |
Endpoint name |
|
euid |
${trigger.euid} |
End user ID |
|
euname |
${trigger.euname} |
End user name |
|
event_id |
${trigger.event_id} |
Event ID |
|
event_status |
${trigger.event_status} |
Event status |
|
event_time |
${trigger.event_time} |
Event time |
|
event_type |
${trigger.event_type} |
Event type |
|
extrainfo |
${trigger.extrainfo} |
Extra information |
|
fctuid |
${trigger.fctuid} |
FortiClient UID |
|
groupby1 |
${trigger.groupby1} |
Groupby1 |
|
groupby2 |
${trigger.groupby2} |
Groupby2 |
|
groupby3 |
${trigger.groupby3} |
Groupby3 |
|
handler_name |
${trigger.handler_name} |
Handler name |
|
handler_type |
${trigger.handler_type} |
Handler type |
|
indicator |
${trigger.indicator} |
Indicator |
|
logtype |
${trigger.logtype} |
Log type |
|
mitre_info |
${trigger.mitre_info} |
Mitre INFO |
|
rule_name |
${trigger.rule_name} |
Rule name |
|
severity |
${trigger.severity} |
Severity |
|
subject |
${trigger.subject} |
Subject |
|
subtype |
${trigger.subtype} |
Subtype |
|
tag |
${trigger.tag} |
Tag |
|
threat_type |
${trigger.threat_type} |
Threat type |
|
vdom |
${trigger.vdom} |
VDOM |