Fortinet Serializer

Overview

This transform is used to serialize Fortinet data to format appropriate for a destination.

Configuration Parameters

Name

required string

User specified name of the Fortinet Serializer transform. This name is used to identify and reference the Fortinet Serializer configuration within your system.

Description

string

A short description about the Fortinet Serializer transform.

Serializer

Enabled

boolean

Enable or disable this transform.

Fortinet Event Field

required string

Field name which contains Fortinet event data. Can't be empty

Fortinet Metadata Field

required string

The value here should refer to the metadata field which was used when parsing Fortinet events.

Output

enum

Enum options

Option

Splunk

Examples

Configs

Serializer:
  Enabled: true
  Fortinet Event Field: fortinet
  Fortinet Metadata Field: ft_syslog_prefix
  Output: Splunk

Input

{
  "fortinet": {
    "Activity": "wireless event WPA-2/4-key-msg",
    "AdditionalExtensions": "start=Jan 09 2024 11:38:12;logver=700120523;ad.vd=root;ad.eventtime=1704818292667620554;ad.tz=-0500;ad.logid=0104043651;ad.subtype=wireless;deviceSeverity=warning;ad.logdesc=Wireless client sent 2/4 message of 4 way handshake;ad.sn=FP431FTF200XXXXX;ad.ap=FP431FTF200XXXXX;ad.vap=HWCDSB_GUEST2;ad.ssid=HWCDSB_GUEST;ad.radioid=2;ad.stamac=XX:31:0b:58:bf:XX;ad.channel=100;ad.security=WPA2 Enterprise;ad.encryption=AES;ad.remotewtptime=35.947755;tz=\"-0500\"",
    "Computer": "XXXXXXXX-FGT",
    "DestinationUserName": "N/A",
    "DeviceAction": "WPA-2/4-key-msg",
    "DeviceEventCategory": "event",
    "DeviceEventClassID": "0104043651",
    "DeviceExternalID": "FG100FTKXXXXXXXX",
    "DeviceName": "XXXXXXXXX-FGT",
    "DeviceProduct": "FortiGate-100F",
    "DeviceVendor": "Fortinet",
    "DeviceVersion": "7.0.12,build0523 (GA)",
    "EndTime [Eastern Time (US and Canada)]": "",
    "Message": "AP received 2/4 message of 4-way handshake from client xx:31:xx:58:bf:xx",
    "Reason": "Reserved 0",
    "SimplifiedDeviceAction": "WPA-2/4-key-msg",
    "TimeGenerated [Eastern Time (US and Canada)]": "1/9/2024, 11:38:12.932 AM",
    "Type": "CommonSecurityLog",
    "ad.ap": "FP431FTFXXXXXXXX",
    "ad.channel": "100",
    "ad.encryption": "AES",
    "ad.eventtime": "170481829266762XXXX",
    "ad.logdesc": "Wireless client sent 2/4 message of 4 way handshake",
    "ad.logid": "0104043651",
    "ad.radioid": "2",
    "ad.remotewtptime": "35.947755",
    "ad.security": "WPA2 Enterprise",
    "ad.sn": "FP431FTF2002XXXX",
    "ad.ssid": "HWCDSB_GUEST",
    "ad.stamac": "72:31:0b:58:bf:e4",
    "ad.subtype": "wireless",
    "ad.tz": "-0500",
    "ad.vap": "HWCDSB_GUEST2",
    "ad.vd": "root",
    "deviceSeverity": "warning",
    "logver": "700120523",
    "start": "Jan 09 2024 11:38:12",
    "tz": "-0500",
    "TenantId": "xxxxxb5b9-579f-4123-93d7-bf34a96fxxxx"
  }
}

Output

{
  "message": "Activity=\"wireless event WPA-2/4-key-msg\" AdditionalExtensions=\"start=Jan 09 2024 11:38:12;logver=700120523;ad.vd=root;ad.eventtime=1704818292667620554;ad.tz=-0500;ad.logid=0104043651;ad.subtype=wireless;deviceSeverity=warning;ad.logdesc=Wireless client sent 2/4 message of 4 way handshake;ad.sn=FP431FTF200XXXXX;ad.ap=FP431FTF200XXXXX;ad.vap=HWCDSB_GUEST2;ad.ssid=HWCDSB_GUEST;ad.radioid=2;ad.stamac=XX:31:0b:58:bf:XX;ad.channel=100;ad.security=WPA2 Enterprise;ad.encryption=AES;ad.remotewtptime=35.947755;tz=\\\"-0500\\\"\" Computer=XXXXXXXX-FGT DestinationUserName=N/A DeviceAction=WPA-2/4-key-msg DeviceEventCategory=event DeviceEventClassID=0104043651 DeviceExternalID=FG100FTKXXXXXXXX DeviceName=XXXXXXXXX-FGT DeviceProduct=FortiGate-100F DeviceVendor=Fortinet DeviceVersion=\"7.0.12,build0523 (GA)\" \"EndTime [Eastern Time (US and Canada)]\"= Message=\"AP received 2/4 message of 4-way handshake from client xx:31:xx:58:bf:xx\" Reason=\"Reserved 0\" SimplifiedDeviceAction=WPA-2/4-key-msg \"TimeGenerated [Eastern Time (US and Canada)]\"=\"1/9/2024, 11:38:12.932 AM\" Type=CommonSecurityLog _ResourceId= ad.ap=FP431FTFXXXXXXXX ad.channel=100 ad.encryption=AES ad.eventtime=170481829266762XXXX ad.logdesc=\"Wireless client sent 2/4 message of 4 way handshake\" ad.logid=0104043651 ad.radioid=2 ad.remotewtptime=35.947755 ad.security=\"WPA2 Enterprise\" ad.sn=FP431FTF2002XXXX ad.ssid=HWCDSB_GUEST ad.stamac=72:31:0b:58:bf:e4 ad.subtype=wireless ad.tz=-0500 ad.vap=HWCDSB_GUEST2 ad.vd=root deviceSeverity=warning logver=700120523 start=\"Jan 09 2024 11:38:12\" tz=-0500 TenantId=xxxxxb5b9-579f-4123-93d7-bf34a96fxxxx",
  "timestamp": "2024-11-04T12:20:46.691932964Z"
}

PreviousCisco Serializer NextOCSF Serializer

Last updated 1 year ago

Was this helpful?

hashtagOverview

hashtagConfiguration Parameters

hashtagName

hashtagDescription

hashtagSerializer

hashtagEnabled

hashtagFortinet Event Field

hashtagFortinet Metadata Field

hashtagOutput

hashtagExamples

hashtagConfigs

hashtagInput

hashtagOutput

Overview

Configuration Parameters

Name

Description

Serializer

Enabled

Fortinet Event Field

Fortinet Metadata Field

Output

Examples

Configs

Input

Output