Alert
MALWARE
Log Field Name | Description | Data Type | Length |
---|---|---|---|
devid | Device ID for FortiSandbox in FortiAnalyzer | string | 16 |
logid | Log ID | string | 8 |
type | Log Type | string | 16 |
subtype | Log Subtype | string | 32 |
level | Log Level | string | 16 |
tzone | Time offset in seconds to UTC | int32 | 32 |
clientdev | Client Device | string | 64 |
clientvd | Client VDOM | string | 64 |
fname | File Name | string | 1024 |
jobid | Job process ID | string | 16 |
md5 | MD5 checksum | string | 32 |
mname | Malware Name | string | 256 |
proto | Protocol | string | 16 |
risk | Risk name | string | 16 |
sha256 | SHA256 checksum | string | 64 |
scanstart | Scan Start Time | uint32 | 32 |
scaned | Scan End Time | uint32 | 32 |
srcip | Source IP address | string | 45 |
srcport | Source Port Number | int32 | 32 |
dstip | Destination IP Address | string | 45 |
dstport | Destination Port Number | int32 | 32 |
stype | Source Type | string | 16 |
suser | Source User Name | string | 64 |
url | URL | string | 2048 |
vd | VDOM | string | 32 |
vmos | Virtual Machine OS | string | 128 |
jstatus | Job Status | string | 16 |
malwarecategory | Malware category | string | 256 |

NETATTACK
Log Field Name | Description | Data Type | Length |
---|---|---|---|
virusid | Virus ID | int32 | 32 |
attackid | Attack ID | int32 | 32 |
srcipport | Source IP and port | string | 48 |
dstipport | Destination IP and port | string | 48 |
host | Host name | string | 256 |
attackname | Attack Name | string | 128 |
botnetname | Botnet Name | string | 128 |
jstatus | Job Status | string | 16 |

NETBOTNET
Log Field Name | Description | Data Type | Length |
---|---|---|---|
devid | Device ID for FortiSandbox in FortiAnalyzer | string | 16 |
logid | Log ID | string | 8 |
type | Log Type | string | 16 |
subtype | Log Subtype | string | 32 |
level | Log Level | string | 16 |
virusid | Virus ID | int32 | 32 |
attackid | Attack ID | int32 | 32 |
srcipport | Source IP and port | string | 48 |
dstipport | Destination IP and port | string | 48 |
host | Host name | string | 256 |
attackname | Attack Name | string | 128 |
botnetname | Botnet Name | string | 128 |
vd | VDOM | string | 32 |
jstatus | Job Status | string | 16 |

NETURL
Log Field Name | Description | Data Type | Length |
---|---|---|---|
devid | Device ID for FortiSandbox in FortiAnalyzer | string | 16 |
logid | Log ID | string | 8 |
type | Log Type | string | 16 |
subtype | Log Subtype | string | 32 |
level | Log Level | string | 16 |
virusid | Virus ID | int32 | 32 |
attackid | Attack ID | int32 | 32 |
srcipport | Source IP and port | string | 48 |
dstipport | Destination IP and port | string | 48 |
host | Host name | string | 256 |
attackname | Attack Name | string | 128 |
botnetname | Botnet Name | string | 128 |
vd | VDOM | string | 32 |
jstatus | Job Status | string | 16 |