2024.10.0

Event Type Structure

Suricata

| Field | Type | Description | Example |
|---|---|---|---|
| alert | suricata.alert | | |
| customer_id | string | The code of the account that owns the event. | cust |
| dest_ip | string | The IP of the responder to the connection. | 1.2.3.4 |
| dest_port | integer | The port of the responder to the connection. | 53 |
| dst_ip_enrichments | ip_enrichments | Enrichments for an IP. | |
| event_type | string | The type of event recorded. | flow |
| geo_distance | number | The geographic distance between the src and dst geolocations. | 1410.373826280689 |
| http | suricata.http | | |
| intel | intel[] | Intel that matched entities in the event. | |
| payload | string | The raw payload from the traffic that matched the signature. | |
| proto | string | The transport-layer protocol used. | tcp |
| sensor_id | string | The sensor that created the event. | sen1 |
| source | string | The source of the event. | Zeek |
| src_ip | string | The IP of the initiator of the connection. | 4.3.2.1 |
| src_ip_enrichments | ip_enrichments | Enrichments for an IP. | |
| src_port | integer | The port of the initiator of the connection. | 52843 |
| timestamp | string | The time at which traffic for the event began. | 2019-01-01T00:00:00.000000Z |
| Uuid | string | A unique identifier for the event. | 1ea156cb-9462-16e9-f5cf-02372fae0a1a |

Suricata.alert

| Field | Type | Description | Example |
|---|---|---|---|
| category | string | The signature's category. | A Network Trojan was Detected |
| rev | integer | The signature's revision number. | 2 |
| severity | integer | The signature's severity rating (1 = high, 3 = low). | 1 |
| signature | string | The signature's name. | ET TROJAN Jaff Ransomware Checkin M1 |
| signature_id | integer | The signature's ID. | 2024290 |

Suricata.http

| Field | Type | Description | Example |
|---|---|---|---|
| hostname | string | The content of the Host header. | www.google.com |
| hostname_enrichments | ip_enrichments or domain_enrichments | Enrichments for an IP or domain. | |
| http_content_type | string | The fingerprinted MIME type of the response content; use this instead of response_mime. | text/html |
| http_method | string | The HTTP method used. | GET |
| http_refer | string | The content of the Referer header. | http://au.search.yahoo.com/search?p=planetside.co.uk&fr=sfp&fr2=sb-top-search |
| http_user_agent | string | The content of the User-Agent header. | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| length | integer | The length in bytes of the response. | 24 |
| protocol | string | The HTTP protocol version. | HTTP/1.1 |
| redirect | string | The target location of the redirect. | http://dmd.metaservices.microsoft.com/metadata.svc |
| status | integer | The numeric status code of the server's response. | 200 |
| url | string | The full URI of the request. | /index.php |
| xff | string | The content of the X-Forwarded-For header. | http://dmd.metaservices.microsoft.com/metadata.svc |
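As an added example (not part of this Fortinet page and not the product's own code), the following Python checks an ingested event against the three field tables above and then picks out the schema-valid severity-1 alerts. The sample events are constructed, and it is an assumption that ip_enrichments/domain_enrichments arrive as JSON objects, that intel[] arrives as a JSON array, and that alert events carry event_type "alert"; the function names are hypothetical.

```python
"""Validate and triage Suricata events in the field layout documented above.

Added example: the field tables are transcribed from the page; the sample
events, the JSON representation of the enrichment/intel types, and the helper
functions are constructed assumptions, not Fortinet code."""
import json
from datetime import datetime

# Top-level "Suricata" fields -> accepted Python types (ip_enrichments and
# intel[] are assumed to arrive as a JSON object and a JSON array).
SURICATA_FIELDS = {
    "alert": dict, "customer_id": str, "dest_ip": str, "dest_port": int,
    "dst_ip_enrichments": dict, "event_type": str, "geo_distance": (int, float),
    "http": dict, "intel": list, "payload": str, "proto": str, "sensor_id": str,
    "source": str, "src_ip": str, "src_ip_enrichments": dict, "src_port": int,
    "timestamp": str, "Uuid": str,
}
# "Suricata.alert" and "Suricata.http" sub-record fields.
ALERT_FIELDS = {"category": str, "rev": int, "severity": int,
                "signature": str, "signature_id": int}
HTTP_FIELDS = {
    "hostname": str, "hostname_enrichments": dict, "http_content_type": str,
    "http_method": str, "http_refer": str, "http_user_agent": str,
    "length": int, "protocol": str, "redirect": str, "status": int,
    "url": str, "xff": str,
}
# Matches the documented example 2019-01-01T00:00:00.000000Z.
TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def _type_name(expected):
    """Human-readable name for a single type or a tuple of accepted types."""
    if isinstance(expected, type):
        return expected.__name__
    return "/".join(t.__name__ for t in expected)


def _check(record, schema, prefix=""):
    """Report fields that are unknown to the table or carry the wrong JSON type."""
    problems = []
    for name, value in record.items():
        expected = schema.get(name)
        if expected is None:
            problems.append(f"{prefix}{name}: not in schema")
        # bool is a subclass of int in Python, so reject it explicitly for integer fields.
        elif isinstance(value, bool) or not isinstance(value, expected):
            problems.append(f"{prefix}{name}: expected {_type_name(expected)}, "
                            f"got {type(value).__name__}")
    return problems


def validate_event(event):
    """Return a list of problems; an empty list means the event matches the tables."""
    problems = _check(event, SURICATA_FIELDS)
    if isinstance(event.get("alert"), dict):
        problems += _check(event["alert"], ALERT_FIELDS, "alert.")
    if isinstance(event.get("http"), dict):
        problems += _check(event["http"], HTTP_FIELDS, "http.")
    try:
        datetime.strptime(event["timestamp"], TIMESTAMP_FORMAT)
    except (KeyError, TypeError, ValueError):
        problems.append("timestamp: missing or not in the documented format")
    return problems


def high_severity_alerts(events):
    """Return (signature_id, signature, src_ip, dest_ip) for schema-valid severity-1 alerts.

    Records that fail validation are skipped rather than guessed at, so a
    malformed event cannot masquerade as a clean high-severity hit."""
    hits = []
    for ev in events:
        if validate_event(ev) or "alert" not in ev:
            continue
        if ev["alert"].get("severity") == 1:
            hits.append((ev["alert"]["signature_id"], ev["alert"]["signature"],
                         ev["src_ip"], ev["dest_ip"]))
    return hits


# Constructed sample: one well-formed severity-1 alert and one record with a
# string src_port and a timestamp that does not follow the documented format.
SAMPLE_EVENTS = json.loads("""[
  {"customer_id": "cust", "sensor_id": "sen1", "source": "Suricata", "event_type": "alert",
   "timestamp": "2019-01-01T00:00:00.000000Z", "Uuid": "1ea156cb-9462-16e9-f5cf-02372fae0a1a",
   "src_ip": "4.3.2.1", "src_port": 52843, "dest_ip": "1.2.3.4", "dest_port": 80, "proto": "tcp",
   "alert": {"category": "A Network Trojan was Detected", "rev": 2, "severity": 1,
             "signature": "ET TROJAN Jaff Ransomware Checkin M1", "signature_id": 2024290},
   "http": {"hostname": "www.example.com", "http_method": "GET", "url": "/index.php",
            "status": 200, "protocol": "HTTP/1.1", "length": 24}},
  {"customer_id": "cust", "sensor_id": "sen1", "source": "Suricata", "event_type": "alert",
   "timestamp": "2019-01-01 00:00:00", "Uuid": "constructed-uuid-2",
   "src_ip": "4.3.2.1", "src_port": "52843", "dest_ip": "1.2.3.4", "dest_port": 53, "proto": "udp",
   "alert": {"category": "Misc activity", "rev": 1, "severity": 3,
             "signature": "CONSTRUCTED sample signature", "signature_id": 1}}
]""")

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Uuid"], validate_event(ev) or "ok")
    print(high_severity_alerts(SAMPLE_EVENTS))
```

Type checks are deliberately strict (a numeric port delivered as a string is rejected, not coerced), because downstream correlation on src_port/dest_port or signature_id silently breaks when a producer changes types; surfacing the mismatch at ingest is the cheaper failure.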
