9238 - MESGID_ANALYTICS_FSA_RESULT
Message ID: 9238
Message Description: MESGID_ANALYTICS_FSA_RESULT
Message Meaning: File verdict returned from FortiSandbox
Type: Virus
Category: analytics
Severity: Notice
| Log Field Name | Description | Data Type | Length |
|---|---|---|---|
| fsaverdict | FortiSandbox Verdict returned to FortiGate after analysis (clean, low risk, med risk, high risk, malicious) | string | 32 |
| vd | VDOM name | string | 32 |
| unauthusersource | | string | 66 |
| unauthuser | | string | 66 |
| tz | Time Zone | string | 5 |
| type | Log type | string | 16 |
| time | Time | string | 8 |
| subtype | Subtype of the virus log | string | 20 |
| srcport | Source Port | uint16 | 5 |
| srcip | Source IP Address | ip | 39 |
| srcdomain | | string | 255 |
| service | Proxy service which scanned this traffic | string | 5 |
| logid | Log ID | string | 10 |
| level | Log level | string | 11 |
| filename | File name | string | 256 |
| fctuid | FortiClient user ID | string | 32 |
| eventtype | Event type of AV | string | 32 |
| eventtime | Time when detection occurred | uint64 | 20 |
| dtype | Data type for virus category | string | 32 |
| dstport | Destination Port | uint16 | 5 |
| dstip | Destination IP Address | ip | 39 |
| devid | | string | 16 |
| date | Date | string | 10 |
| analyticscksum | The checksum of the file submitted for analytics | string | 64 |
| action | The status of the session: blocked - Blocked infected file by AV engine; passthrough - Allowed by AV engine; monitored - Log, but do NOT block infected file; analytics - Submitted to Sandbox for analysis | string | 18 |
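
A triage example for this record type, added here and not taken from Fortinet documentation or code: it lists files that FortiSandbox rated `high risk` or `malicious` while the session `action` was anything other than `blocked`, which are the deliveries to follow up on the receiving host. It assumes the logs are exported as FortiGate `key=value` text lines; the function names and every value in the sample lines are constructed.

```python
import re

# key=value or key="quoted value" pairs, as in FortiGate text log lines
# (assumed export format; the page itself only lists the field names).
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Verdict and action strings come from the fsaverdict and action rows of the table.
RISKY_VERDICTS = {"high risk", "malicious"}
REPORT_FIELDS = ("date", "time", "srcip", "dstip", "filename",
                 "analyticscksum", "fsaverdict", "action")


def parse_kv(line):
    """Turn one log line into a dict of field name -> value (quotes removed)."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def delivered_but_risky(lines):
    """Records with a risky FortiSandbox verdict whose session was not blocked."""
    hits = []
    for line in lines:
        rec = parse_kv(line)
        verdict = rec.get("fsaverdict", "").strip().lower()
        # A missing action is treated as "not blocked" so it still gets reviewed.
        if verdict in RISKY_VERDICTS and rec.get("action") != "blocked":
            hits.append({f: rec.get(f, "") for f in REPORT_FIELDS})
    return hits


# Constructed sample lines: addresses, file names and checksums are made up.
SAMPLE_LINES = [
    'date=2024-05-01 time=10:00:01 srcip=192.0.2.10 dstip=198.51.100.5 '
    'filename="report.pdf" analyticscksum="CONSTRUCTED-CKSUM-1" fsaverdict="clean" action="analytics"',
    'date=2024-05-01 time=10:02:17 srcip=192.0.2.11 dstip=198.51.100.5 '
    'filename="invoice 2024.docm" analyticscksum="CONSTRUCTED-CKSUM-2" fsaverdict="malicious" action="analytics"',
    'date=2024-05-01 time=10:05:40 srcip=192.0.2.12 dstip=198.51.100.9 '
    'filename="tool.zip" analyticscksum="CONSTRUCTED-CKSUM-3" fsaverdict="high risk" action="blocked"',
    'date=2024-05-01 time=10:09:03 srcip=192.0.2.13 dstip=198.51.100.9 '
    'filename="setup.exe" analyticscksum="CONSTRUCTED-CKSUM-4" fsaverdict="high risk" action="passthrough"',
    'date=2024-05-01 time=10:11:55 srcip=192.0.2.14 dstip=198.51.100.9 action="passthrough"',
]

if __name__ == "__main__":
    for hit in delivered_but_risky(SAMPLE_LINES):
        print(hit["date"], hit["time"], hit["srcip"], hit["filename"],
              hit["fsaverdict"], hit["analyticscksum"])
```

The `analyticscksum` value of each hit is the pivot for finding other sessions that carried the same file.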