Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

20000008

Meaning

Parameter, URL, or other elements in the packets triggered signatures included in the signature policy.

 

 

Field name Description

log_id

20000008

See Log ID numbers.

main_type

Signature Detection

subtype

  • Cross Site Scripting
  • Cross Site Scripting (Extended)
  • Generic Attacks
  • Generic Attacks (Extended)
  • Bad Robot
  • Information Disclosure
  • Known Exploits
  • SQL Injection
  • SQL Injection (Extended)
  • SQL Injection (Syntax Based Detection)
  • Personally Identifiable Information
  • Trojans

 

Examples

v007xxxxdate=2019-08-03 time=10:17:12 log_id=20000008 msg_id=000000225902 device_id=FV-1KE4417900002 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" timezone_dayst="GMTa-8" type=attack pri=alert main_type="Signature Detection" sub_type="Cross Site Scripting" trigger_policy="" severity_level=High proto=tcp service=http action=Alert policy="FWB_Policy_Default_AutoTest" src=10.200.10.100 src_port=61385 dst=10.101.0.1 dst_port=80 http_method=get http_url="/examples/jsp/snp/snoop.jsp??picfilename=image_w3default.gif onmousedown="alert('xss success')"&passwd=&ok" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="Parameter(?picfilename) triggered signature ID 010000063 of Signatures policy Scanner Integration" signature_subclass="Cross Site Scripting" signature_id="010000063" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" threat_weight=30 history_threat_weight=0 threat_level=High ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A7:2017-Cross-Site Scripting (XSS)"

20000008

Meaning

Parameter, URL, or other elements in the packets triggered signatures included in the signature policy.

 

 

Field name Description

log_id

20000008

See Log ID numbers.

main_type

Signature Detection

subtype

  • Cross Site Scripting
  • Cross Site Scripting (Extended)
  • Generic Attacks
  • Generic Attacks (Extended)
  • Bad Robot
  • Information Disclosure
  • Known Exploits
  • SQL Injection
  • SQL Injection (Extended)
  • SQL Injection (Syntax Based Detection)
  • Personally Identifiable Information
  • Trojans

 

Examples

v007xxxxdate=2019-08-03 time=10:17:12 log_id=20000008 msg_id=000000225902 device_id=FV-1KE4417900002 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" timezone_dayst="GMTa-8" type=attack pri=alert main_type="Signature Detection" sub_type="Cross Site Scripting" trigger_policy="" severity_level=High proto=tcp service=http action=Alert policy="FWB_Policy_Default_AutoTest" src=10.200.10.100 src_port=61385 dst=10.101.0.1 dst_port=80 http_method=get http_url="/examples/jsp/snp/snoop.jsp??picfilename=image_w3default.gif onmousedown="alert('xss success')"&passwd=&ok" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="Parameter(?picfilename) triggered signature ID 010000063 of Signatures policy Scanner Integration" signature_subclass="Cross Site Scripting" signature_id="010000063" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" threat_weight=30 history_threat_weight=0 threat_level=High ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A7:2017-Cross-Site Scripting (XSS)"