All Logs Page 1
Every FortiSIEM internally generated event log regardless of category
EventType: JDBC_PULL_UNSUPP_DEV
Description: Unsupported device type for JDBC Pull
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: JMX_JDBC_PULL_STAT
Description: JDBC Event pull statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: MSSQL_JDBC_PULL_STAT
Description: JDBC Event pull statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: MYSQL_JDBC_PULL_STAT
Description: JDBC Event pull statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: ORADB_JDBC_PULL_STAT
Description: JDBC Event pull statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_ATTR_NOT_FOUND
Description: Agent Manager Cisco ACI monitoring module cannot find specific attribute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_CURL_HANDLE_GET_FAILED
Description: Agent Manager Cisco ACI monitoring module unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_FILE_WRITE_ERROR
Description: Agent Manager Cisco ACI monitoring module unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ACI_JSON_PARSE_FAILED
Description: Agent Manager Cisco ACI monitoring module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_SERVER_EMPTY
Description: Agent Manager Cisco ACI monitoring module found server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ACI_TOKEN_GET_FAILED
Description: Agent Manager Cisco ACI monitoring module cannot get login token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_CURL_HANDLE_GET_FAILED
Description: Agent Manager Alert Logic log parsing module unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_FILE_LOAD_ERROR
Description: Agent Manager Alert Logic log parsing module failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_FILE_READ_ERROR
Description: Agent Manager Alert Logic log parsing module found wrong format in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_FILE_WRITE_ERROR
Description: Agent Manager Alert Logic log parsing module unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_DATA
Description: Agent Manager Alert Logic log parsing module found invalid data format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_INVALID_PATH
Description: Agent Manager Alert Logic log parsing module found invalid incident path
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_ALERTLOGIC_QUERY_INTERVAL_TOO_LONG
Description: Agent Manager Alert Logic log parsing module found query interval is larger, it will be narrowed in one week
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_ALERTLOGIC_SERVER_EMPTY
Description: Agent Manager Alert Logic log parsing module found server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_CURL_CONNECT_FAILED
Description: Agent Manager AMP Cloud log parsing module unable to connect server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures an URL if present in an event |
httpStatusCode | HTTP Status | string | |
EventType: PH_AGENTMGR_AMPCLOUD_CURL_HANDLE_GET_FAILED
Description: Agent Manager AMP Cloud log parsing module unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_FILE_LOAD_ERROR
Description: Agent Manager AMP Cloud log parsing module failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AMPCLOUD_FILE_READ_ERROR
Description: Agent Manager AMP Cloud log parsing module found wrong format in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AMPCLOUD_INVALID_DATA
Description: Agent Manager AMP Cloud log parsing module found Invalid data format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_JSON_PARSE_FAILED
Description: Agent Manager AMP Cloud log parsing module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_AGENTMGR_AMPCLOUD_NO_DEFINE_SEVERITY
Description: Agent Manager AMP Cloud log parsing module found event severity is not defined
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AMPCLOUD_SERVER_EMPTY
Description: Agent Manager AMP Cloud log parsing module found server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_API_PERMISSION_MISSING
Description: There is no permission
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_AWSCLOUDWATCH_GETLOGS
Description: Attempting to get cloudwatch logs from log group and stream
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
groupName | Group Name | string | |
streamName | AWS Stream Name | string | |
startTime | Start Time | Date | This is the start time of a given item or task, and is stored in epoch milliseconds |
endTime | End Time | Date | This is the end time of a given item or task, stored in epoch milliseconds. |
EventType: PH_AGENTMGR_AWSFLOWLOG_EVENT_PULL_FAILED
Description: Agent Manager AWS module failed to get AWS Flow log after 5 tries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_AWSFLOWLOG_FILE_WRITE_ERROR
Description: Agent Manager AWS Flow log handling module unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AWSFLOWLOG_LOG_FORMAT_WRONG
Description: Agent Manager AWS Flow log handling module encountered wrong log format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWSKINESIS_CONSUMER_START_FAILED
Description: Failed to start Kinesis consumer process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_AWS_CACHE_FILE_ERROR
Description: Agent Manager AWS Cache file is not available
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWS_DELETE_OJECTKEY_FAILED
Description: Failed to delete object key from SQS
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_AWS_DOWNLOAD_OJECT_FAILED
Description: Failed to download object from bucket
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_AWS_EVT_DOWNLOAD_FAILED
Description: Agent Manager AWS module failed to download event by do_system failed
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_AGENTMGR_AWS_EVT_SEND_FAILED
Description: Agent Manager AWS module failed to send cloudtrail event to phParser after 5 tries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWS_GET_OJECTKEY_FAILED
Description: Agent Manager AWS agent failed to get object key from SQS
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_AWS_GZ_FILE_OPEN_ERROR
Description: Agent Manager AWS module failed to open gz file, or not enough memory to open it
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_AWS_JSON_PARSE_FAILED
Description: Agent Manager AWS module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_AWS_SQSURL_FORMAT_ERROR
Description: Agent Manager AWS Sqs Url format is wrong
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_API_CALL_FAILED
Description: Agent Manager BOX module failed to call BOX API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_ATTR_NOT_FOUND
Description: Agent Manager BOX module cannot find attribute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_EVENT_PULL_FAILED
Description: Agent Manager BOX module failed to pull BOX log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_BOX_FILE_ID_EMPTY
Description: Agent Manager BOX module found empty file ID
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_FILE_LIMIT_EXCEED
Description: Agent Manager BOX module found that the number of monitoring file exceeded limit
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_FILE_NOT_MONITORED_ERROR
Description: Agent Manager BOX module found that the file is not monitored before
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_BOX_FILE_PATH_PARSE_FAILED
Description: Agent Manager BOX module could not parse file path
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_BOX_FILE_TYPE_WRONG
Description: Agent Manager BOX module found wrong file type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileType | File Type | string | |
EventType: PH_AGENTMGR_BOX_FOLDER_TYPE_WRONG
Description: Agent Manager BOX module found wrong folder type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_HTTP_NO_RESPONSE
Description: Agent Manager BOX module did not find response from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_AGENTMGR_BOX_JSON_PARSE_FAILED
Description: Agent Manager BOX module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_RESPONSE_NO_SPECIAL_ATTRIBUTE
Description: Agent Manager BOX module response doesn't have special node
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_BOX_TIME_CONVERT_FAILED
Description: Agent Manager BOX module could not convert time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_BOX_XML_PARSE_FAILED
Description: Agent Manager BOX module failed to parse XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CISCOAMP_CONSUMER_START_FAILED
Description: Failed to start Cisco AMP consumer process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_CLOUDPASSAGE_API_CALL_FAILED
Description: CloudPassage Halo REST API call api failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_CLOUDPASSAGE_FILE_WRITE_ERROR
Description: Unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_CLOUDPASSAGE_GET_EVENT_FAILED
Description: Failed to get event from CloudPassage API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_EMPTY
Description: JSON is empty
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CLOUDPASSAGE_JSON_PARSE_FAILED
Description: Failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CLOUDPASSAGE_TOKEN_EMPTY
Description: Token is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_CLOUDTRAIL_FILE_READ_FAILED
Description: Agent Manager AWS CloudTrail module encountered error while reading Cloudtrail queue cache file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_CONFIG_ERROR
Description: Agent Manager own configuration error
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_CONFIG_VERSION_SEND_FAILED
Description: Agent Manager failed to send config version to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_AGENTMGR_CONFIG_WARNING
Description: FortiSIEM Agent Manager configuration warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_AGENTMGR_CREDENTIAL_GET_FAILED
Description: Agent Manager failed to get credentials
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_CROWDSTRIKE_GET_DATAFEED_URL_FAILED
Description: Failed to get crowdstrike datafeed url
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_CUST_RESULT_UPLOAD_FAILED
Description: Agent Manager failed to upload test custom performance monitor result xml to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_DIR_CREATE_FAILED
Description: Could not create dir
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
dirName | Directory Name | string | |
EventType: PH_AGENTMGR_EVENT_PULL_FAILED
Description: Agent Manager Rapid7 InsightVM pulling engine failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_FALCONDATAREP_SCRIPT_FAILED
Description: Failed to run Falcon Data Replicator script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_FILE_PARSE_ERROR
Description: Agent Manager/module failed to parse file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FILE_WRITE_ERROR
Description: Agent Manager Rapid7 InsightVM pulling engine failed to write file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_CERT_DOWNLOAD_FAILED
Description: Agent Manager/FireAMP Module cannot download certificate file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_DATA_FORMAT_SET_FAILED
Description: Agent Manager/FireAMP Module encountered missing event mapping configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_EVENT_PULL_FAILED
Description: Agent Manager/FireAMP Module failed to pull log from server!
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_FIREAMP_EVT_TYPE_LOAD_FAILED
Description: Agent Manager/FireAMP Module encountered empty event mapping configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_FILE_LOAD_ERROR
Description: Agent Manager/FireAMP Module failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_FIREAMP_FILE_OPEN_ERROR
Description: Agent Manager/FireAMP Module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_FIREAMP_INVALID_DATA
Description: Agent Manager/FireAMP Module found invalid response data
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_NEW_AGENT_FAILED
Description: Agent Manager/FireAMP Module - new agent failed
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_NO_ATTR
Description: No configuration event attribute
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FIREAMP_NO_PROTOCOL
Description: Can't find protocol number from IANA table
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ALERT_ERROR
Description: Failed to get services alerts
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serviceName | Service Name | string | |
EventType: PH_AGENTMGR_FORTICASB_GET_SERVICE_ERROR
Description: Failed to get services
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
unitId | Unit Id | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_FAILED
Description: FortiNDR cloud integration failed to call API URI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NEXT_PAGE
Description: FortiNDR paginated api call being made
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_NO_RESULTS
Description: API call to FortiNDR api returned no results, this is normal if no results in defined time interval
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_API_CALL_RESULTS
Description: FortiNDR cloud integration called API URI successfully
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
msg | Message | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_KEY
Description: FortiNDR integration is processing an s3 bucket key
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
bucketName | Bucket Name | string | |
userKey | User Key | string | |
categoryType | Category Type | string | |
EventType: PH_AGENTMGR_FORTINDR_GET_BUCKET_OBJ
Description: FortiNDR integration is downloading an object from s3 bucket
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
bucketName | Bucket Name | string | |
userKey | User Key | string | |
categoryType | Category Type | string | |
EventType: PH_AGENTMGR_GET_SCAN_RESULTS_FAILED
Description: Failed to get the scan result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_GITHUB_API_CALL_FAILED
Description: Agent Manager/GitHub module failed to call Github API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_GITHUB_CREDENTIAL_GET_FAILED
Description: Agent Manager/GitHub module failed to get credential from App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_AGENTMGR_GITHUB_EVENT_PULL_FAILED
Description: Agent Manager/GitHub module failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_GITHUB_FILE_OPEN_ERROR
Description: Agent Manager/GitHub module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_GITHUB_JSON_PARSE_FAILED
Description: Agent Manager/GitHub module failed to parse JSON response from GitHub server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GITHUB_TIME_CONVERT_FAILED
Description: Agent Manager/GitHub module failed to convert time in JSON response from GitHub server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GIT_CLONE_REPO_FAILED
Description: Failed to git clone by do_system
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_AGENTMGR_GIT_HANDLE_ERR_FILE_FAILED
Description: Failed to handle error file
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GIT_PULL_EVT_FAILED
Description: Failed to get git log by do_system
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
EventType: PH_AGENTMGR_GIT_SAVE_COMMITID_FAILED
Description: Failed to save CommitId of repository
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_GZ_FILE_OPEN_ERROR
Description: Failed to open gz file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_INIT_AGENT
Description: Initialize agent
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_INIT_CACHE_FILE_FAILED
Description: FortiSIEM Agent Manager failed to initialize cache
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
EventType: PH_AGENTMGR_INIT_NO_CRED
Description: Agent Manager/Cisco IPS log pulling module failed to initialize due to missing credentials
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
EventType: PH_AGENTMGR_INVALID_MGR
Description: Invalid Agent Manager
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_IPS_AUTH_FAILED
Description: Agent Manager/Cisco IPS log pulling module found wrong user name, password for logging to IPS appliance
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_IPS_EVENT_PULL_FAILED
Description: Agent Manager/Cisco IPS log pulling module failed to pull Cisco IPS log from server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_AGENTMGR_IPS_FILE_OPEN_ERROR
Description: Agent Manager/Cisco IPS log pulling module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_IPS_OBTAIN_SUBSCRIPTION_FAILED
Description: Agent Manager/Cisco IPS log pulling module failed to obtain subscription id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_IPS_SET_SSL_FAILED
Description: SSL setting doesn't work
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_AGENT_PIPE_WRITE_FAILED
Description: Failed to write to java agent pipe
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_AGENT_START_FAILED
Description: Agent Manager failed to start Java agent, will retry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_AGENT_TYPE_UNKNOWN
Description: Agent Manager encountered unknown java agent job type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_AGENT_USER_MISSING
Description: FortiSIEM Agent Manager found user name missing in java Agent configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
EventType: PH_AGENTMGR_JAVA_AGENT_ZOMBIE
Description: Agent Manager found Java Agent is in zombie state
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_CMD_SEND_FAILED
Description: Agent Manager failed to send commands to java agent, need to be killed
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_FORK_FAILED
Description: Agent Manager failed to fork Java Agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_INCOMPLETE_DEV_INFO
Description: Agent Manager found incomplete device info for Java Agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_JAVA_NO_DEV_TYPE_FOR_JDBC
Description: Agent Manager encountered missing device type for Java Agent JDBC monitoring
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
EventType: PH_AGENTMGR_JAVA_NO_STATUS_FILE
Description: Agent Manager missing status file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_JAVA_PIPE_FAILED
Description: Agent Manager failed to Pipe command for Java Agent
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_PROCESS_STATE_GET_FAILED
Description: Agent Manager failed to get Java Agent process state
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_JAVA_SIGKILL_SEND_FAILED
Description: Agent Manager failed to send SIGKILL to java agent
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_JAVA_UNSUPPORT_DEV_TYPE_FOR_JDBC
Description: Agent Manager encountered unsupported device type for Java Agent JDBC monitoring
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
EventType: PH_AGENTMGR_JAVA_USER_PWD_GET_FAILED
Description: Agent Manager failed to get user name and password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_JSON_PARSE_FAILED
Description: Agent Manager Rapid7 InsightVM monitoring module failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_KAFKA_CONSUME_LOG_FAILED
Description: Agent Manager / Kafka Consumer failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER
Description: phKafkaConsumer creates a consumer handle successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
groupName | Group Name | string | |
user | User | string | |
topicName | Topic Name | string | Kafka Topic Name |
EventType: PH_AGENTMGR_KAFKA_CREATE_CONSUMER_FAILED
Description: Agent Manager / Kafka Consumer failed to create consumer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_CREATE_PRODUCER_FAILED
Description: Agent Manager / Kafka Consumer failed to create producer
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_CREATE_TOPIC_FAILED
Description: Agent Manager / Kafka Consumer failed to create topic
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
topicName | Topic Name | string | Kafka Topic Name |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_ERROR
Description: Agent Manager / Kafka Consumer encountered an error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
count | Count | uint32 | A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_AGENTMGR_KAFKA_METADATA_FAILED
Description: Agent Manager / Kafka Consumer failed to get metadata
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_PRODUCER_ERROR
Description: Event Forwarder failed to write events into Kafka
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
count | Count | uint32 | A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_AGENTMGR_KAFKA_PULL_JOB_FAILED
Description: Agent Manager / Kafka Consumer failed to Consume log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_KAFKA_REBALANCE
Description: Kafka rebalanceCb
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_KAFKA_RELEASE_CONSUMER
Description: phKafkaConsumer releases a consumer handle
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
groupName | Group Name | string | |
user | User | string | |
topicName | Topic Name | string | Kafka Topic Name |
EventType: PH_AGENTMGR_KAFKA_START_FAILED
Description: Agent Manager / Kafka Consumer failed to start
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_SUBSCRIBE_FAILED
Description: Agent Manager / Kafka Consumer failed to subscribe topic
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
topicName | Topic Name | string | Kafka Topic Name |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_UPDATE_CONFIG_FAILED
Description: Agent Manager / Kafka Consumer failed to update attribute in config
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KAFKA_UPDATE_ERROR
Description: Agent Manager / Kafka Consumer failed to update
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_KILL_PROCESS
Description: Try to kill process
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_CONFIG_ARM_FAILED
Description: Agent Manager / MS Azure config mode arm failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_MSAZURE_DOWNLOAD_FAILED
Description: Agent Manager / MS Azure failed to download Azure audit log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_MSAZURE_JSON_EMPTY
Description: Agent Manager / MS Azure found empty returned JSON from Azure
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_NAME_EMPTY
Description: Agent Manager / MS Azure JSON file name is empty from Azure
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_JSON_FILE_PARSE_FAILED
Description: Agent Manager / MS Azure found malformed JSON file from Azure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_JSON_PARSE_FAILED
Description: Agent Manager / MS Azure found malformed JSON from Azure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSAZURE_LOGIN_FAILED
Description: Agent Manager / MS Azure failed to login to Azure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_MSG_QUEUE_ACCESS_FAILED
Description: Agent Manager failed to access message queue
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_MSG_RECV_FAILED
Description: Agent Manager failed to receive msg
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_OFFICE365_API_CALL_FAILED
Description: Agent Manager / Office365 log pulling engine failed to call API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_EVENT_PULL_FAILED
Description: Agent Manager / Office365 log pulling engine failed to pull log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
accountName | Account Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_FILE_WRITE_ERROR
Description: Agent Manager / Office365 log pulling engine unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_OFFICE365_GET_SUBSCRIBE_FAILED
Description: FortiSIEM Agent Manager failed to get Office365 subscription
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_JSON_PARSE_FAILED
Description: Agent Manager / Office365 log pulling engine failed to parse Office365 JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OFFICE365_START_SUBSCRIBE_FAILED
Description: FortiSIEM Agent Manager failed to start Office365 subscription
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_EMPTY
Description: FortiSIEM Agent Manager found Office365 subscription to be empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OFFICE365_SUBSCRIBE_FAILED
Description: Agent Manager / Office365 log pulling engine failed to get subscription list
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OFFICE365_TOKEN_EMPTY
Description: Agent Manager / Office365 log pulling engine found empty Token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_OKTA_EVT_DOWNLOAD_FAILED
Description: Agent Manager / OKTA failed to download events
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OKTA_FILE_WRONG
Description: Agent Manager / OKTA encountered wrong Okta user list file. Please download again
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_OKTA_NO_USER_INFO
Description: Agent Manager / OKTA user list file doesn't contain any user info
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_FAILED
Description: Agent Manager / OKTA failed to upload discovery result to App server
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_OKTA_RESULT_UPLOAD_WARNING
Description: FortiSIEM Agent Manager failed to upload OKTA User list to App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_PARSER_UNABLE_CONNECT
Description: Agent Manager unable to connect to parser host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
ipPort | IP Port | uint16 | IP port number |
EventType: PH_AGENTMGR_PERF_OBJ_PARSE_FAILURE
Description: Agent Manager did not find any performance objects to monitor
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_PROCESS_INIT_FAILED
Description: Agent Manager failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_PULLING_JOB_OUTDATE
Description: FortiSIEM Agent Manager job pull error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
jobName | Job Name | string | |
serverIpAddr | Server IP | IP | |
EventType: PH_AGENTMGR_REST_API_CALL_FAILED
Description: Agent fails to call REST API
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
infoURL | Informational URL | string | This field captures a URL if present in an event |
httpStatusCode | HTTP Status | string | |
EventType: PH_AGENTMGR_RSAS_XML_PARSE_FAILED
Description: AgentManager failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_RUN_CMD_FAILED
Description: do_system failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_RUN_SCRIPT_FAILED
Description: AgentManager failed to run script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_RUN_SCRIPT_WITHOUT_TASK_ID
Description: AgentManager found missing task id in run script notification
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_ATTR_NOT_FOUND
Description: Agent Manager / Salesforce log pulling engine cannot find attribute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_COLUMN_NOT_FOUND
Description: Agent Manager / Salesforce log pulling engine cannot find a specific column in Salesforce Event Log File
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_CURL_EXECUTE_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to execute curl to get Salesforce log
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_AGENTMGR_SALESFORCE_CURL_HANDLE_GET_FAILED
Description: Agent Manager / Salesforce log pulling engine unable to get curl handle
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_FILE_LOAD_ERROR
Description: Agent Manager / Salesforce log pulling engine failed to load file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_SALESFORCE_FILE_WRITE_ERROR
Description: Agent Manager / Salesforce log pulling engine unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_SALESFORCE_INVALID_DATA
Description: Agent Manager / Salesforce log pulling engine received invalid response from Salesforce
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_INVALID_LOG_FILE
Description: Agent Manager / Salesforce log pulling engine received invalid Salesforce Event Log File CSV
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_JSON_PARSE_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_LOGIN_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to login to Salesforce
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
infoURL | Informational URL | string | This field captures a URL if present in an event |
EventType: PH_AGENTMGR_SALESFORCE_SERVER_EMPTY
Description: Agent Manager / Salesforce log pulling engine found Server is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_TOKEN_GET_FAILED
Description: Agent Manager / Salesforce log pulling engine can't get login token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_TOKEN_REGET_FAILED
Description: Agent Manager / Salesforce log pulling engine login session is expired and failed to re-get token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_VERSION_PATH_EMPTY
Description: Agent Manager / Salesforce log pulling engine found empty version path
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SALESFORCE_XML_PARSE_FAILED
Description: Agent Manager / Salesforce log pulling engine failed to parse XML from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SCRIPT_NOTIFICATION_SPAWN_FAILED
Description: Agent Manager encountered error in spawning run script notification thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_FAILED
Description: Agent Manager could not resolve server host name
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SERVER_HOST_NAME_RESOLVE_WARNING
Description: FortiSIEM Agent Manager failed to resolve Host Name to IP
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
jobName | Job Name | string | |
EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_FAILED
Description: Agent Manager could not resolve server IP
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_SERVER_IP_RESOLVE_WARNING
Description: FortiSIEM Agent Manager failed to resolve IP to Host Name
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
jobName | Job Name | string | |
EventType: PH_AGENTMGR_SETUP_STREAM_FAILED
Description: Failed to setup stream connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_START_THREAD_FAILED
Description: Failed to start thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_STATUS_REPORT_FAILED
Description: Agent Manager failed to report task status to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_STATUS_REPORT_INIT_FAILED
Description: Agent Manager failed to initialize job status reporter
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_STOP_STREAM_FAILED
Description: Failed to stop stream connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_TENABLE_EXPORT_SCAN_FAILED
Description: Exported scan failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_GET_DOWNLOAD_FAILED
Description: Download exported scan failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_GET_SCANS_FAILED
Description: Get the scan list failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_GET_STATUS_FAILED
Description: Check the file status of exported scan failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TENABLE_PULL_FAILED
Description: Failed to pull Tenable.io data
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_TIME_CONVERTION_FAILED
Description: Agent Manager/module failed to convert time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_TOKEN_GET_FAILED
Description: Agent Manager monitoring module cannot get login token
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_UNPACK_FILE_FAILED
Description: Agent Manager unpack file failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
EventType: PH_AGENTMGR_UPDATE_AGENT
Description: Update agent
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_UPDATE_BOOKMARK_FAILED
Description: Failed to update bookmark
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_UPDATE_WEBHOOK_CRED_FAILED
Description: Failed to update Webhook credential
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_UPDATE_WEBHOOK_CRED_SUCCESS
Description: Update Webhook credential successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WINDEFATP_API_CALL_FAILED
Description: Windows Defender ATP REST API call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WINDEFATP_FILE_WRITE_ERROR
Description: Unable to write timestamp file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_AGENTMGR_WINDEFATP_GET_ALERT_FAILED
Description: Failed to get alert from Windows Defender ATP
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WINDEFATP_JSON_EMPTY
Description: JSON is empty
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WINDEFATP_JSON_PARSE_FAILED
Description: Failed to parse JSON
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WINDEFATP_TOKEN_EMPTY
Description: Token is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WMI_EVENT_PULL_ERROR
Description: Agent Manager / Windows WMI event log pulling engine encountered error
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WMI_EVENT_PULL_WARNING
Description: FortiSIEM Agent Manager WMI event pull warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WMI_FILE_OPEN_ERROR
Description: Agent Manager / Windows WMI event log pulling engine failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
exitValue | Command exit value | int32 | |
EventType: PH_AGENTMGR_WMI_LOG_PULL_ERROR
Description: Failed to pull logs by WMI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
hostName | Host Name | string | This is the hostname of the device of interest in the event |
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_AGENTMGR_WMI_MISSING_LOG
Description: Some logs are missing
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_AGENTMGR_WMI_STATUS_REPORT_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to report task status to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_WMI_USER_PWD_GET_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to get WMI user name and password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_AGENTMGR_WVSS_XML_PARSE_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AGENTMGR_XML_PARSE_FAILED
Description: Agent Manager / Windows WMI event log pulling engine failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous to attribute errReason |
EventType: PH_ANOMALY_CONFIG
Description: Anomaly Detection System Config Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
profDateType | Profile Date Type | uchar | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_ANOMALY_LATERAL_MOVEMENT_ANALYZE
Description: FSM Anomaly engine: Lateral Movement Module in analyze mode
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
profDateType | Profile Date Type | uchar | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
startTime | Start Time | Date | This is the start time of a given item or task, and is stored in epoch milliseconds |
endTime | End Time | Date | This is the end time of a given item or task, stored in epoch milliseconds. |
EventType: PH_ANOMALY_LATERAL_MOVEMENT_DETECT
Description: FSM Anomaly engine detected Lateral Movement
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
profDateType | Profile Date Type | uchar | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
srcIpAddr | Source IP | IP | Source IP of a device as identified in the event. |
srcIpAddrList | Source IP List | string | Comma separated list of source IP addresses as identified in a log message |
destIpAddrList | Destination IP List | string | Comma separated list of destination IP addresses as identified in a log message |
endTime | End Time | Date | This is the end time of a given item or task, stored in epoch milliseconds. |
EventType: PH_ANOMALY_LATERAL_MOVEMENT_TRAIN
Description: FSM Anomaly engine: Lateral Movement Module in training mode
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
profDateType | Profile Date Type | uchar | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
startTime | Start Time | Date | This is the start time of a given item or task, and is stored in epoch milliseconds |
endTime | End Time | Date | This is the end time of a given item or task, stored in epoch milliseconds. |
EventType: PH_ANOMALY_SYSTEM
Description: Anomaly Detection System Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
profDateType | Profile Date Type | uchar | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_ANOMALY_TIMER
Description: Anomaly Detection System Timer Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
profDateType | Profile Date Type | uchar | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_APPSERVER_ADMIN_AGENT_GET_UPDATE_FAILED_ERROR
Description: App Server failed to get update
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_ADMIN_AGENT_UNKOWN_TASK_ID_ERROR
Description: App Server detects unknown Admin Agent task ID
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_ADMIN_CUST_GENERATE_KEY_ERROR
Description: App Server failed to generate organization key
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_ADMIN_GET_RESOURCE_FAILED
Description: App Server failed to get resource for admin tab
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_ADMIN_LOCATE_KEY_FAILED
Description: App Server failed to locate resource for admin tab
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_ADMIN_RESET_FIELD_FAILED_ERROR
Description: App Server failed to reset resource for admin tab
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_AUDIT_REPORT_EXPORT_ERROR
Description: Audit Data Export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEACON_LIB_ERROR
Description: App Server Beaconing library error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEACON_REGISTER_ERROR
Description: App Server Beaconing Register error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEACON_SERVER_ERROR
Description: App Server Beaconing Server error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEACON_WEB_SERVER_ERROR
Description: App Server Beaconing Web Server error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEAN_REF_CHECK_WARN
Description: App Server check entity bean reference warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEAN_SYNC_PROPERTIES_ERROR
Description: App Server entity bean sync properties error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEAN_TO_VALUE_ERROR
Description: App Server entity bean to property value map error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEAN_TO_XML_ERROR
Description: App Server entity to XML generation error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_BEAN_VALUE_TO_BEAN_ERROR
Description: App Server set value for Entity bean error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_CMDB_REPORT_DATA_ERROR
Description: CMDB Report Data error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_CMDB_REPORT_EXPORT_ERROR
Description: CMDB Report export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_CMDB_REPORT_IMPORT_ERROR
Description: CMDB Report import error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_CMDB_REPORT_QUERY_ERROR
Description: CMDB Report query error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_CMDB_REPORT_TYPE_ERROR
Description: CMDB Report Type error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_COLLECTOR_INFO_ERROR
Description: Collector information error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_COLLECTOR_LICENSE_ERROR
Description: Collector license error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_COLLECTOR_STATUS_ERROR
Description: Collector status error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_COMMONPWD_EXPORT_ERROR
Description: Common password data export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DASHBOARD_DATA_ERROR
Description: Dashboard Data error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DASHBOARD_HTML_BUILD_XML_ERROR
Description: App Server failed to build dashboard XML content
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DASHBOARD_WIDGET_ERROR
Description: Dashboard Widget error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DATA_IMPORT_ERROR
Description: App Server failed to import data during initialization
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DATA_ROBUST_INFO_ERROR
Description: Data Robust Info error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DB_CONNECTION_CLOSE_ERROR
Description: PostGreSQL database connection close error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DB_DATA_ERROR
Description: PostGreSQL database data error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DB_DELETE_ERROR
Description: PostGreSQL database data delete error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DB_QUERY_ERROR
Description: PostGreSQL database query error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DB_UPDATE_ERROR
Description: PostGreSQL database data update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DISCOVERY_CREDENTIAL_DECRYPT_PASSWORD_WARN
Description: App Server discovery result credential decrypt error
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DISCOVERY_RESULT_ENCRYPT_XML_ELEMENT_ERROR
Description: App Server discovery result credential encrypt error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DISCOVERY_RESULT_ERROR
Description: App Server failed to process discovery result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_DISCOVERY_RESULT_UNKOWN_TASK_ID_ERROR
Description: App Server detects unknown Discovery Result task ID
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EAMIL_GENERATE_EVENT_ERROR
Description: App Server failed to generate raw event for email notification
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_ELASTIC_UPDATE_ERROR
Description: App Server failed to update Elasticsearch configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EMAIL_PREPARE_DATA_ERROR
Description: App Server failed to prepare email body for email notification
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EVENTDB_EXPORT_ERROR
Description: Event DB data export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EVENT_ATTRIBUTE_BUILD_XML_ERROR
Description: App Server failed to build Event Attribute XML content
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EXPORT_ERROR
Description: App Server Generic Export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EXT_THREAT_INTEL_DOWNLOAD_ERROR
Description: External Threat Intelligence download error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EXT_THREAT_INTEL_PARSE_ERROR
Description: External Threat Intelligence parse error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_EXT_THREAT_INTEL_UPDATE_ERROR
Description: External Threat Intelligence update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FILE_NOT_FOUND
Description: App Server cannot find specified file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FILE_READ_ERROR
Description: App Server cannot read from specified file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FILE_SYSTEM_ERROR
Description: App Server encountered file system error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FILE_WRITE_ERROR
Description: App Server cannot write to specified file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FLEX_INTERCEPTOR_NO_LOGIN_EXCEPTION_ERROR
Description: App Server encountered Flex API exception
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FORTIGUARD_IOC_INTEGRATION_ERROR
Description: FortiGuard IOC data download/parse error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_REGISTER_ERROR
Description: App Server Registration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_RUN_THREAD_ERROR
Description: App Server run thread error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_SECURITY_CHECK_LICENSE_WARN
Description: App Server Check license warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_SECURITY_GET_ENTITY_MANAGER_ERROR
Description: App Server cannot get EntityManager
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_SECURITY_GET_RS_EXPIRATION_ERROR
Description: App Server Get Report Server expiration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_SECURITY_INIT_SYSTEM_ERROR
Description: App Server Phoenix Caching system initialization failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_SERVICE_MISSED_WARN
Description: App Server can not find service
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_FRAMEWORK_SHUTDOWN_SERVICE_STARTER_WARN
Description: App Server cannot shutdown service starter
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_GENERIC_ERROR
Description: Unknown Application Server error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_GENERIC_INFO
Description: Generic Application Server Informational log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_GENERIC_WARN
Description: Generic Application Server Warn
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_GET_MAX_CONFIG_ITEM_COUNT_ERROR
Description: App Server encountered error while getting max system configuration item count
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_GROUP_DATA_ERROR
Description: Group Data error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_IDENTIYLOCATION_EXPORT_ERROR
Description: Identity location export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_INCIDENT_NOTIFY_ERROR
Description: App Server failed to notify Incident via email or other methods
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_INCIDENT_UPDATE_ERROR
Description: App Server failed to update Incident in PostGreSQL database
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_INTEGRATION_ERROR
Description: External ticketing system integration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_INTEGRATION_UPDATE_POLICY_ERROR
Description: App Server encountered error while updating Ticketing system integration policy
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_INTEGRATION_UPDATE_POLICY_WARN
Description: App Server encountered warning while updating Ticketing system integration policy
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_INTEGRATION_WARN
Description: External ticketing system integration warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_IN_INTEGRATION_ERROR
Description: Inbound external ticketing system integration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_IOC_LICENSE_CHECK_FAILED_WARN
Description: App Server failed to check External Threat Intelligence License
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_IOC_TASK_CREATE_FAILED_ERROR
Description: App Server failed to create External Threat Intelligence Update task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_JOB_DISTRIBUTE_ERROR
Description: Application Server monitoring job distribution error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_LICENSE_EXPIRY_ERROR
Description: License Expiration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_LICENSE_VALIDATION_ERROR
Description: License Validation error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_LOGIN_ERROR
Description: App Server Login exception
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_LOG_INTEGRITY_ERROR
Description: App Server failed to update log integrity hashes
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_MONITOR_AUDIT_PERF_ERROR
Description: App Server encountered exception while updating performance monitor job status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_MONITOR_HEALTH_CONFIG_SET_ERROR
Description: App Server failed to update CMDB Device Monitor Health
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NETSEGMENT_EXPORT_ERROR
Description: Network Segment Export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NOTIFICATION_EMAIL_GET_RESOURCE_FAILED
Description: App Server failed to get resource for email notification
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NOTIFICATION_ERROR
Description: App Server notification error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NOTIFICATION_JMS_CONNECTION_ERROR
Description: App Server create JMS connection error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NOTIFICATION_UPDATE_ERROR
Description: App Server notification Update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NOTIFIER_ERROR
Description: App Server Notifier error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_NO_WATCHLIST_SELECTED_WARN
Description: No watch list selected for entry warn
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_OPENPROXY_EXPORT_ERROR
Description: Open proxy data export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_OUT_INTEGRATION_ERROR
Description: Outbound external ticketing system integration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_PARSER_IMPORT_ERROR
Description: Custom parser import error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_PARSER_UPDATE_ERROR
Description: Custom parser update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_PARSING_CONSTRAINT_ERROR
Description: Rule/Report constraint parsing error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_PDF_BUILDER_ERROR
Description: App Server failed to build PDF during report export
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_PERFMON_TASK_ERROR
Description: App Server failed to create Performance Monitoring Task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_CHECK_POLICY_ACTION_WARN
Description: App Server failed to validate Incident notification policy action
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_EXPORT_ERROR
Description: App Server failed to export historical query result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_RESULT_PARSER_ERROR
Description: App Server failed to parse historical query result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_RESULT_RETRIEVE_ERROR
Description: App Server failed to retrieve historical query result
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_RUN_ERROR
Description: App Server failed to run historical query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_STOP_ERROR
Description: App Server failed to stop historical query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_QUERY_STRING_ESCAPE_ERROR
Description: App Server can't find close escape string
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RBAC_ERROR
Description: App Server encountered error while setting RBAC policies
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RBAC_NO_PERMISSION_WARN
Description: App Server enforced user RBAC
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REALTIME_QUERY_ERROR
Description: App Server failed to start real time query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REMEDY_ERROR
Description: App Server failed to create tickets in Remedy
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_BUNDLE_PRINT_ERROR
Description: Print report bundle error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_COMPILE_ERROR
Description: Compile report to file error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_DEVICE_COMPONENT_SN_ERROR
Description: CMDB device serial number report error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_DEVICE_DETAIL_ERROR
Description: CMDB detail report error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_DEVICE_SN_ERROR
Description: CMDB server serial number report error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_DEVICE_SUMMARY_ERROR
Description: CMDB summary report error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_EXPORT_ERROR
Description: Report Export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_FAILED_BLOCK_SUMMARY_ERROR
Description: Get failed blocks error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_FIRE_TRIGGER_EVENT_ERROR
Description: App Server incident trigger events report error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_GET_PH_CONFIG_ERROR
Description: App Server get phoenix configuration error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_IDENTITY_AND_LOCATION_ERROR
Description: Identity and location report error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_LOG_FILE_SUMMARY_ERROR
Description: App Server get log files error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_TEMPLATE_GENERATE_PDF_ERROR
Description: App Server Report template generate PDF error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_TEMPLATE_INIT_IMAGE_ERROR
Description: App Server Report template init image error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_TEMPLATE_INIT_PARM_ERROR
Description: App Server Report template init parameter error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_TEMPLATE_PDF_SUMMARY_ERROR
Description: App Server Report template create PDF summary error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_TICKET_SUMMARY_ERROR
Description: App Server get tickets error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_UPDATE_ERROR
Description: User defined report update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REPORT_USER_SUMMARY_ERROR
Description: App Server get users error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REST_ERROR
Description: App Server REST error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_REST_H5_ERROR
Description: App Server HTML5 REST error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RISKSCORE_CALCULATE_ERROR
Description: Risk score calculation error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RULE_ACTIVE_ERROR
Description: App Server failed to activate rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RULE_CLONE_ERROR
Description: App Server failed to clone rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RULE_DEBUG_INVALID_EVENT_DB_ID_ERROR
Description: App Server found invalid event id during rule testing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RULE_DEBUG_WORKERS_SETTING_ERROR
Description: App Server detected Worker Settings error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RULE_TEST_ERROR
Description: App Server encountered error while testing rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_RULE_UPDATE_ERROR
Description: App Server failed to update rule
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SCHEDULE_ERROR
Description: App Server job schedule error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SCHEDULE_UPDATE_ERROR
Description: App Server job schedule Update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SECURITY_ERROR
Description: Application Server System Security Data error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SERVLET_ERROR
Description: App Server Servlet error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SERVLET_NO_ACCESS_TO_URI_WARN
Description: App Server Servlet has no access to URI
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SOCKET_COMM_ERROR
Description: App Server Socket communication error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SVN_ERROR
Description: App Server SVN Repository error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SYNC_UPDATE_CONFIG_ERROR
Description: App Server encountered error on syncing update config for performance monitoring jobs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SYSCONFIG_GET_ERROR
Description: App Server failed to get system configuration from PostGreSQL database
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SYSTEM_WINAGENT_REGISTER_WARN
Description: Windows Agent Manager not found or not registered
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SYS_APPLICATION_ERROR
Description: Application Server System error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_SYS_DATA_UPDATE_ERROR
Description: Application Server Data Update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_TASK_CREATE_ERROR
Description: App Server create task error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_TASK_FLEX_RESULT_BUILD_XML_ERROR
Description: App Server failed to build Flex XML content
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_TASK_GET_ERROR
Description: App Server get task error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_TASK_UPDATE_ERROR
Description: App Server update task error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_TICKET_EXPORT_ERROR
Description: Incident ticket export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_UPDATER_FIND_EXIST_USER_BY_NOTHING_ERROR
Description: App Server failed to locate existing user in CMDB
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_USERAGENT_EXPORT_ERROR
Description: User agent export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_VULNERABILITY_IGNORE_WARN
Description: App Server ignored host Vulnerability result
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WATCHLIST_ADD_TO_DISTIRBUTED_QUEUE
Description: App Server failed to add incident attribute to watch list
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WATCHLIST_EXPORT_ERROR
Description: Watch List export error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WATCHLIST_IMPORT_ERROR
Description: Watch List import error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WATCHLIST_IMPORT_WARN
Description: Watch List import warnings
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WATCHLIST_UPDATE_ERROR
Description: Watch List update error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WEBSERVICE_UPDATE_TASK_ERROR
Description: App Server encountered error while updating task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WORKER_PROVISION_FAILED
Description: App Server failed to provision Worker
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_WS_COMM_ERROR
Description: App Server Web service communication error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_APPSERVER_XML_PARSE_ERROR
Description: App Server failed to parse XML
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ACCOUNT_LOCKED
Description: System user account locked due to excessive login failures
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
reason | Reason | string | |
targetUser | Target User | string | |
srcIpAddr | Source IP | IP | Source IP of a device as identified in the event. |
EventType: PH_AUDIT_AGENT_DISABLED
Description: FortiSIEM Windows/Linux Agent disabled
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_AGENT_INSTALLED
Description: FortiSIEM Windows/Linux Agent installed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_AGENT_NOTRESPONDING
Description: FortiSIEM Windows/Linux Agent not responding
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_AGENT_RUNNING
Description: FortiSIEM Windows/Linux Agent is running and sending events
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_AGENT_STARTED
Description: FortiSIEM Windows/Linux Agent started
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_AGENT_STOPPED
Description: FortiSIEM Windows/Linux Agent stopped
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_AGENT_UNINSTALLED
Description: FortiSIEM Windows/Linux Agent uninstalled
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
monitorState | Monitor State | string | |
type | Type | string | |
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
phAgentId | Agent ID | string | Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
hostName | Host Name | string | This is the hostname of the device of interest in the event |
EventType: PH_AUDIT_CASE_ASSIGNED
Description: FortiSIEM Case Assigned to a User
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
targetUser | Target User | string | |
EventType: PH_AUDIT_CASE_CLOSED
Description: FortiSIEM Case Closed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
comment | Comment | string | |
EventType: PH_AUDIT_CASE_CREATED
Description: FortiSIEM Case Created
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
EventType: PH_AUDIT_CASE_EVIDENCE_ADDED
Description: FortiSIEM Case Evidence Added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
type | Type | string | |
fileName | File Name | string | |
EventType: PH_AUDIT_CASE_EVIDENCE_DELETED
Description: FortiSIEM Case Evidence Deleted
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
type | Type | string | |
fileName | File Name | string | |
EventType: PH_AUDIT_CASE_INCIDENT_ADDED
Description: FortiSIEM Incident added to a Case
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
EventType: PH_AUDIT_CASE_MERGED
Description: FortiSIEM Case Merged
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
EventType: PH_AUDIT_CASE_NOTE_ADDED
Description: FortiSIEM Case Note Added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
comment | Comment | string | |
EventType: PH_AUDIT_CASE_NOTE_DELETED
Description: FortiSIEM Case Note Deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
caseId | Case ID | uint64 | Unique ID of a FortiSIEM Case |
title | Title | string | |
EventType: PH_AUDIT_CASE_NOTE_MODIFIED
Description: FortiSIEM Case Note Modified
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
comment |
Comment |
string |
|
EventType: PH_AUDIT_CASE_PRIORITY_CHANGED
Description: FortiSIEM Case Priority Changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
oldSeverity |
Old Severity |
string |
|
newSeverity |
New Severity |
string |
|
EventType: PH_AUDIT_CASE_REASSIGNED
Description: FortiSIEM Case Reassigned
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
targetUser |
Target User |
string |
|
EventType: PH_AUDIT_CASE_STAGE_CHANGED
Description: FortiSIEM Case Stage Changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
EventType: PH_AUDIT_CASE_STAT
Description: FortiSIEM Case Closed Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
user |
User |
string |
|
newDuration |
New Duration |
uint64 |
Duration of a case in the new status |
assignedDuration |
Assigned Duration |
uint64 |
Duration of a case in the assigned status |
inProgressDuration |
In-Progress Duration |
uint64 |
Duration of a case in the in-progress status |
pendCustFeedbackDuration |
Pending Customer Feedback Duration |
uint64 |
Duration of a case in the pending feedback status |
recvCustFeedbackDuration |
Received Customer Feedback Duration |
uint64 |
Duration of a case in the received feedback status |
timeToClose |
Time to Close |
uint64 |
Total duration that a case was open |
EventType: PH_AUDIT_CASE_STATUS_CHANGED
Description: FortiSIEM Case Status Changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
EventType: PH_AUDIT_CASE_SUMMARY_CHANGED
Description: FortiSIEM Case Summary Changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
caseId |
Case ID |
uint64 |
Unique ID of a FortiSIEM Case |
title |
Title |
string |
|
oldTitle |
Old Title |
string |
|
EventType: PH_AUDIT_CASE_UPDATED
Description: FortiSIEM Case Updated
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_CI_QUOTE_EXCEEDED
Description: System CI Quote Exceeded
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_CMDB_DISK_PRUNE_FAILED
Description: CMDB Disk Prune Failed
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_AUDIT_CMDB_DISK_PRUNE_SUCCESS
Description: CMDB Disk Prune Success
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_AUDIT_DASHBOARD_SHARED
Description: FortiSIEM dashboard folder shared
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
targetUserGrp |
Target User Group |
string |
|
EventType: PH_AUDIT_DATA_PURGE
Description: System data has been purged
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_DEFAULT_PWD_MATCH
Description: Default password match
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
reptVendor |
Reporting Vendor |
string |
This field captures the vendor of the reported event |
reptModel |
Reporting Model |
string |
This field captures the model of the reported event |
appTransportProto |
Application Protocol |
string |
|
user |
User |
string |
|
EventType: PH_AUDIT_DEVICE_ADDED
Description: System CMDB device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_AUDIT_DEVICE_DELETED
Description: System CMDB device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_AUDIT_DEVICE_DISCOVERY_ITEM_CHANGED
Description: System CMDB device changed by discovery
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
objType |
Object Type |
string |
|
addedItem |
Added Item |
string |
|
EventType: PH_AUDIT_DEVICE_MAINTENANCE_ENDED
Description: System device maintenance ended
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
maintScheduleName |
Maintenance Schedule Name |
string |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
endTime |
End Time |
Date |
This is the end time of a given item or task, stored in epoch milliseconds. |
EventType: PH_AUDIT_DEVICE_MAINTENANCE_STARTED
Description: System device maintenance started
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
maintScheduleName |
Maintenance Schedule Name |
string |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
startTime |
Start Time |
Date |
This is the start time of a given item or task, and is stored in epoch milliseconds |
EventType: PH_AUDIT_DEVICE_MERGED_BY_IP_WITH_DIFF_NAME
Description: Two devices with different hostnames merged because of overlapping IP addresses
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
targetHostName |
Target Host Name |
string |
|
overlapIp |
Overlapping IP |
string |
This field represents the list of IP addresses of a just-discovered device that overlaps with an existing device in CMDB. |
EventType: PH_AUDIT_DEVICE_STATUS_CHANGED
Description: CMDB Device audit status changed
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
user |
User |
string |
|
origStatus |
Original Status |
string |
|
newStatus |
New Status |
string |
|
eventSource |
Event Source |
string |
|
EventType: PH_AUDIT_DEVICE_UNMANAGED
Description: License exceeded - newly discovered device set to Unmanaged
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
status |
Status |
string |
|
eventSource |
Event Source |
string |
|
details |
Details |
string |
|
EventType: PH_AUDIT_DEV_MON_JOB_NOT_STARTED
Description: Performance monitoring Job is not picked up for execution for a long time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_DEV_MON_JOB_STATUS_CHANGE
Description: Performance monitoring job status changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_DISCOVERY
Description: Audit discovery
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
startTime |
Start Time |
Date |
This is the start time of a given item or task, and is stored in epoch milliseconds |
type |
Type |
string |
|
task |
Task |
string |
|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_EXPORT_REPORT_END
Description: User exported FortiSIEM Report result via GUI or Scheduled Report
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_GENAI_USER_QUERY
Description: FortiSIEM sent Generative AI Query to ChatGPT
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_GENERIC
Description: System generic audit message
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_GROUP_CREATED
Description: FortiSIEM GUI Group Created
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
osObjName |
Object Name |
string |
|
osObjType |
OS Object Type |
string |
|
EventType: PH_AUDIT_GROUP_DELETED
Description: FortiSIEM GUI Group Deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
osObjName |
Object Name |
string |
|
osObjType |
OS Object Type |
string |
|
EventType: PH_AUDIT_INACTIVE_USER_LOGIN
Description: A system inactive user tried to login
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_INCIDENT_SYS_CLEAR
Description: FortiSIEM Incident System Auto-Cleared
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
osObjHandleID |
Object Handle |
string |
|
EventType: PH_AUDIT_INCIDENT_USER_CLEAR
Description: FortiSIEM Incident User Cleared
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
osObjHandleID |
Object Handle |
string |
|
EventType: PH_AUDIT_INTEGRATION_POLICY_EXECUTED
Description: FortiSIEM Integration Policy Executed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_MALWARE_DATA_DELETED
Description: Malware data deleted by scheduled update
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
updateTime |
Update Time |
Date |
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
folder |
Folder |
string |
|
EventType: PH_AUDIT_MALWARE_DATA_UPDATED
Description: Malware data updated by scheduled update
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
updateTime |
Update Time |
Date |
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group-by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
folder |
Folder |
string |
|
EventType: PH_AUDIT_ML_GENERIC_ERROR
Description: Machine Learning generic error log
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ML_GENERIC_INFO
Description: Machine Learning generic info log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ML_INFERENCE_COMPLETED
Description: Machine Learning audit inference completed log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ML_INFERENCE_RESULT
Description: Machine Learning audit inference result log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ML_INFERENCE_STARTED
Description: Machine Learning audit inference started log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ML_TRAINING_COMPLETED
Description: Machine Learning audit training completed log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_ML_TRAINING_STARTED
Description: Machine Learning audit training started log
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_NOTIF_POLICY_EXECUTED
Description: FortiSIEM Incident Notification Policy Executed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
osObjHandleID |
Object Handle |
string |
|
EventType: PH_AUDIT_OBJECT_CREATED
Description: System data object created
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjType |
OS Object Type |
string |
|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_OBJECT_DELETED
Description: System data object deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
EventType: PH_AUDIT_OBJECT_UPDATED
Description: System data object updated
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjType |
OS Object Type |
string |
|
objType |
Object Type |
string |
|
osObjName |
Object Name |
string |
|
osObjAction |
Object Action |
string |
|
targetCustomer |
Target Organization Name |
string |
|
oldSettingsValue |
Old Settings Value |
string |
|
newSettingsValue |
New Settings Value |
string |
|
EventType: PH_AUDIT_ONDEMAND_REMEDIATION_EXECUTED
Description: FortiSIEM Ondemand Remediation Executed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_PASSWORD_CHANGED
Description: System user password changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
targetUser |
Target User |
string |
|
user |
User |
string |
|
domain |
Domain |
string |
|
EventType: PH_AUDIT_QUERY_COMPLETED
Description: Audit query completed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
osObjName |
Object Name |
string |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
durationMSec |
Duration |
uint32 |
Duration of a connection (in msec) |
queryFilter |
Query Filter |
string |
|
queryDisplay |
Query Display |
string |
|
queryId |
Query Id |
string |
|
usageType |
Usage Type |
string |
|
EventType: PH_AUDIT_QUERY_SCHEDULED
Description: System scheduled a query
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
EventType: PH_AUDIT_QUERY_START
Description: System started a query
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
queryId |
Query Id |
string |
|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_QUERY_STOP
Description: System stopped a query
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
queryId |
Query Id |
string |
|
osObjName |
Object Name |
string |
|
durationMSec |
Duration |
uint32 |
Duration of a connection (in msec) |
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_AUDIT_REPORT_SCHEDULED
Description: FortiSIEM Report Scheduled
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_REPORT_SCHEDULE_APPROVE
Description: FortiSIEM Report schedule approval
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
objId |
DB Object Id |
string |
|
status |
Status |
string |
|
targetUser |
Target User |
string |
|
reportId |
Report ID |
uint32 |
|
reportName |
Report Name |
string |
FortiSIEM report name. |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_AUDIT_REPORT_SCHEDULE_REQUEST
Description: FortiSIEM Report schedule request
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
objId |
DB Object Id |
string |
|
status |
Status |
string |
|
targetUser |
Target User |
string |
|
reportId |
Report ID |
uint32 |
|
reportName |
Report Name |
string |
FortiSIEM report name. |
EventType: PH_AUDIT_REPORT_SERVER_LICENSE_EXPIRED
Description: FortiSIEM Report Server license expired
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_REPORT_SERVER_LICENSE_REMOVED
Description: FortiSIEM Report Server Removed After License Expiry
Severity: 8 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_REPORT_SERVER_LICENSE_TO_EXPIRE
Description: FortiSIEM Report Server license about to expire
Severity: 8 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_RISK_DECREASE_LOW
Description: Device Risk Score decreased to LOW level
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_RISK_DECREASE_MED
Description: Device Risk Score decreased to MEDIUM level
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_RISK_INCREASE_HIGH
Description: Device Risk Score increased to HIGH level
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_RISK_INCREASE_MED
Description: Device Risk Score increased to MEDIUM level
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_RULE_ACTIVATED
Description: FortiSIEM Rule activated
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_RULE_ACTIVATION_APPROVE
Description: FortiSIEM Rule activation approval
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
objId |
DB Object Id |
string |
|
status |
Status |
string |
|
targetUser |
Target User |
string |
|
ruleId |
Rule ID |
uint64 |
Unique ID of a FortiSIEM rule. |
ruleName |
Rule Name |
string |
FortiSIEM rule name. |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_AUDIT_RULE_ACTIVATION_REQUEST
Description: FortiSIEM Rule activation request
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
objId |
DB Object Id |
string |
|
status |
Status |
string |
|
targetUser |
Target User |
string |
|
ruleId |
Rule ID |
uint64 |
Unique ID of a FortiSIEM rule. |
EventType: PH_AUDIT_RULE_DEACTIVATED
Description: FortiSIEM Rule de-activated
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
osObjName |
Object Name |
string |
|
EventType: PH_AUDIT_RULE_DEACTIVATION_APPROVE
Description: FortiSIEM Rule de-activation approval
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
objId |
DB Object Id |
string |
|
status |
Status |
string |
|
targetUser |
Target User |
string |
|
ruleId |
Rule ID |
uint64 |
Unique ID of a FortiSIEM rule. |
ruleName |
Rule Name |
string |
FortiSIEM rule name. |
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_AUDIT_RULE_DEACTIVATION_REQUEST
Description: FortiSIEM Rule de-activation request
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
objId |
DB Object Id |
string |
|
status |
Status |
string |
|
targetUser |
Target User |
string |
|
ruleId |
Rule ID |
uint64 |
Unique ID of a FortiSIEM rule. |
ruleName |
Rule Name |
string |
FortiSIEM rule name. |
EventType: PH_AUDIT_SVC_LOGIN_FAILURE
Description: System service user failed to login
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_SVC_LOGIN_SUCCESS
Description: System service user login success
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_SVC_LOGOFF
Description: System Service user logoff
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_SVC_SESSION_TIMEOUT
Description: System service user session timeout
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_TUNNEL_CLOSE
Description: Collector to Super Reverse SSH Tunnel closed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
appTransportProto |
Application Protocol |
string |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
collectorIp |
Collector IP |
IP |
This field captures the IP address of a FortiSIEM Collector |
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
phAgentId |
Agent ID |
string |
Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
EventType: PH_AUDIT_TUNNEL_OPEN
Description: Collector to Super Reverse SSH Tunnel opened
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
appTransportProto |
Application Protocol |
string |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
collectorIp |
Collector IP |
IP |
This field captures the IP address of a FortiSIEM Collector |
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
phAgentId |
Agent ID |
string |
Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
EventType: PH_AUDIT_USER_ADDED
Description: System user added
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
targetUser |
Target User |
string |
|
user |
User |
string |
|
domain |
Domain |
string |
|
EventType: PH_AUDIT_USER_CHANGE_ORG_SCOPE
Description: FortiSIEM user changed organization scope
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
userFullName |
User Full Name |
string |
|
targetCustomer |
Target Organization Name |
string |
|
EventType: PH_AUDIT_USER_DEFAULT_ROLE_CHANGED
Description: FortiSIEM Admin User Default Role Changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
user |
User |
string |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
targetUser |
Target User |
string |
|
targetCustomer |
Target Organization Name |
string |
|
role |
Role |
string |
|
EventType: PH_AUDIT_USER_DELETED
Description: System user deleted
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
user |
User |
string |
|
targetUser |
Target User |
string |
|
details |
Details |
string |
|
EventType: PH_AUDIT_USER_LOGIN_FAILURE
Description: System user failed to login
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
domain |
Domain |
string |
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_AUDIT_USER_LOGIN_SUCCESS
Description: System user login success
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
user |
User |
string |
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
userFullName |
User Full Name |
string |
|
EventType: PH_AUDIT_USER_LOGOFF
Description: System user logoff
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id |
Display name |
Type |
Description |
---|---|---|---|
userFullName |
User Full Name |
string |
|
EventType: PH_AUDIT_USER_ORGANIZATION_ROLE_CHANGED
Description: FortiSIEM Admin User Organization Role changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
targetUser | Target User | string | |
targetCustomer | Target Organization Name | string | |
role | Role | string | |
EventType: PH_AUDIT_USER_ORGANIZATION_ROLE_ENABLED
Description: FortiSIEM Admin User Organization Role enabled
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_AUDIT_USER_ORGANIZATION_ROLE_REMOVED
Description: FortiSIEM Admin User Organization Role disabled
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
user | User | string | |
customer | Organization Name | string | This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
targetUser | Target User | string | |
targetCustomer | Target Organization Name | string | |
role | Role | string | |
EventType: PH_AUDIT_USER_SESSION_TIMEOUT
Description: System user session timeout
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
userFullName | User Full Name | string | |
EventType: PH_AUDIT_WS_COMM
Description: System web service communication
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_BAD_NETFLOW_PACKET
Description: Bad netflow packet
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BAD_NETFLOW_VER
Description: Unsupported netflow version
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BAD_ROUTE_OUTPUT
Description: FortiSIEM encountered bad route output
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_BASE_AGENT_JOB_NO_THREAD_NUM_ASSIGNED
Description: FortiSIEM module error - no thread count assigned
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_DUMP_STACK_TRACE_FAILURE
Description: FortiSIEM module error - stack trace failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
filePath | File Path | string | |
EventType: PH_BASE_PROC_GET_PID_FILE_FAILED
Description: FortiSIEM module error - failed to get process id
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_BASE_PROC_HANDLE_NOTIFICATION_ERROR
Description: FortiSIEM module error - notification error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_KILL_PROC_ERROR
Description: FortiSIEM module error - failed to kill process
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_BASE_PROC_NOTIFICATION_HANDLE_CONN_ERROR
Description: FortiSIEM module error - no notification connection
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_NO_CONN_TO_HEARTBEAT_SERVER
Description: FortiSIEM module error - no connection to heartbeat
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_RENAME_MINI_DUMP_FILE_FAILURE
Description: FortiSIEM module error - minidump error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_REST_CACHE_CHECKOUT_STATUS_WARNING
Description: FortiSIEM module error - REST cache access error
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
EventType: PH_BASE_PROC_SEND_HEARTBEAT_FAILURE
Description: FortiSIEM module error - failed to send heartbeat
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
procName | Process Name | string | |
EventType: PH_BASE_PROC_SEND_USER_DEFINED_SIG_FAILED
Description: FortiSIEM module error - user defined sig failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_SET_PID_FILE_FAILED
Description: FortiSIEM module error - setpid failed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
EventType: PH_BASE_PROC_STACK_TRACE
Description: FortiSIEM module stack trace
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_STACK_TRACK_TOO_LONG
Description: FortiSIEM module error - stack trace too large
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_SYS_INFO_CALC_CPU_ERROR
Description: FortiSIEM module error - failed to calculate CPU
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
procName | Process Name | string | |
EventType: PH_BASE_PROC_SYS_PROC_INFO_GET_FAILURE
Description: FortiSIEM module error - failed to get proc info
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_SYS_PROC_INFO_INIT_ERROR
Description: FortiSIEM module error - proc info get error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_PID_FILE
Description: FortiSIEM module error - unable to open proc pid file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
EventType: PH_BASE_PROC_SYS_PROC_INFO_UNABLE_OPEN_PROC_STAT_FILE
Description: FortiSIEM module error - unable to open proc stat file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
procName | Process Name | string | |
EventType: PH_BASE_PROC_THREAD_SPAWN_FAILED
Description: FortiSIEM module error - failed to spawn thread
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_THREAD_WRONG_PARAM
Description: FortiSIEM module error - wrong parameters to thread spawn function
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PROC_UPLOAD_FILE_FAILURE
Description: FortiSIEM module error - file upload failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverName | Server Name | string | |
EventType: PH_BASE_PROC_VALUE_GROUP_UPDATE_FAILURE
Description: FortiSIEM module error - value group update failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_BASE_PRO_AQUIRE_SHARED_STORE_FAILED
Description: Unable to acquire shared store instance
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CHECKPOINT_CERTHANDLER_ERROR
Description: Checkpoint failed to parse device certificate received from App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_CERTPULL_ERROR
Description: Checkpoint failed to obtain certificate from App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_CMD_USAGE_ERROR
Description: Checkpoint command usage error
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_CPMI_FETCH_ERROR
Description: Checkpoint CPMI fetch error. Events may miss some metadata
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
errReason | Reason for Error | string | This is the reason for an error if given. |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_CHECKPOINT_DEV_INIT_ERROR
Description: Checkpoint device initialization error. Checkpoint device can not be monitored
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_FILE_RENAME_FAILURE
Description: FortiSIEM Checkpoint module failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
errorNoInt | Error Number Int | int32 | |
EventType: PH_CHECKPOINT_FWLOGHANDLER_ERROR
Description: Checkpoint LEA handler protocol error. Checkpoint device can not be monitored
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_FWLOGHANDLER_INIT_ERROR
Description: Checkpoint OPSEC log handler initialization error. Checkpoint device can not be monitored
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_HTTP_ERROR
Description: Checkpoint module failed to connect to App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_CHECKPOINT_LOGHANDLER_ERROR
Description: Checkpoint OPSEC log handler internal error
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
EventType: PH_CHECKPOINT_PROCESS_GET_FAILED
Description: Checkpoint module failed to get its parent process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CHECKPOINT_TESTCONN_ERROR
Description: Checkpoint test connectivity error. Checkpoint device can not be discovered
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
errReason | Reason for Error | string | This is the reason for an error if given. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
EventType: PH_CHECKPOINT_UNABLE_PARSE_XML
Description: Checkpoint module unable to parse device credential XML received from App Server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |