Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    2024.7.0
    2024.10.0
    2024.9.0
    2024.7.0

    Search for intel

    Search for intel

    The intel field is an array of intel-objects, meaning there could be multiple records for a given event. When a query is applied to an event with multiple intel records, the values for each field are flattened into individual arrays before the query logic is applied to the values.

    The following table lists the fields contain in intel-objects:

    Field Type Description Example

    confidence

    		 String The overall confidence rating of the intel source

    high

    feed

    		 String The name of the intel source

    Sinkholes

    indicator

    		 String The matched entity

    131.253.18.12

    indicator_type

    		 String The entity type

    ip_address

    is_malicious

    		 Boolean Indicates whether the indicator is believed to be malicious

    false

    meta

    		 String A JSON string of all metadata provided by the intel source

    {"description":"Observed C2 Activity","references":["Fortinet FortiGuard Labs"]}

    severity

    		 String The overall severity rating of the intel source

    high

    timestamp

    		 Timestamp The creation time of the intel record

    2019-01-01T00:00:00.000Z
    Previous
    Next

    Search for intel

    Search for intel

    The intel field is an array of intel-objects, meaning there could be multiple records for a given event. When a query is applied to an event with multiple intel records, the values for each field are flattened into individual arrays before the query logic is applied to the values.

    The following table lists the fields contain in intel-objects:

    Field Type Description Example

    confidence

    		 String The overall confidence rating of the intel source

    high

    feed

    		 String The name of the intel source

    Sinkholes

    indicator

    		 String The matched entity

    131.253.18.12

    indicator_type

    		 String The entity type

    ip_address

    is_malicious

    		 Boolean Indicates whether the indicator is believed to be malicious

    false

    meta

    		 String A JSON string of all metadata provided by the intel source

    {"description":"Observed C2 Activity","references":["Fortinet FortiGuard Labs"]}

    severity

    		 String The overall severity rating of the intel source

    high

    timestamp

    		 Timestamp The creation time of the intel record

    2019-01-01T00:00:00.000Z
    Previous
    Next