Fortinet Serializer

Overview

This transform serializes parsed Fortinet event data into a format appropriate for the selected destination.

Configuration Parameters

Name

required string

User specified name of the Fortinet Serializer transform. This name is used to identify and reference the Fortinet Serializer configuration within your system.

Description

string

A short description about the Fortinet Serializer transform.

Serializer

Enabled

boolean

Enable or disable this transform.

Fortinet Event Field

required string

Name of the field that contains the Fortinet event data. It cannot be empty.

Fortinet Metadata Field

required string

This should be the same metadata field name that was used when the Fortinet events were parsed.

Output

enum

Enum options: Splunk

Examples

Configs

Serializer:
  Enabled: true
  Fortinet Event Field: fortinet
  Fortinet Metadata Field: ft_syslog_prefix
  Output: Splunk

Input

{
  "fortinet": {
    "Activity": "wireless event WPA-2/4-key-msg",
    "AdditionalExtensions": "start=Jan 09 2024 11:38:12;logver=700120523;ad.vd=root;ad.eventtime=1704818292667620554;ad.tz=-0500;ad.logid=0104043651;ad.subtype=wireless;deviceSeverity=warning;ad.logdesc=Wireless client sent 2/4 message of 4 way handshake;ad.sn=FP431FTF200XXXXX;ad.ap=FP431FTF200XXXXX;ad.vap=HWCDSB_GUEST2;ad.ssid=HWCDSB_GUEST;ad.radioid=2;ad.stamac=XX:31:0b:58:bf:XX;ad.channel=100;ad.security=WPA2 Enterprise;ad.encryption=AES;ad.remotewtptime=35.947755;tz=\"-0500\"",
    "Computer": "XXXXXXXX-FGT",
    "DestinationUserName": "N/A",
    "DeviceAction": "WPA-2/4-key-msg",
    "DeviceEventCategory": "event",
    "DeviceEventClassID": "0104043651",
    "DeviceExternalID": "FG100FTKXXXXXXXX",
    "DeviceName": "XXXXXXXXX-FGT",
    "DeviceProduct": "FortiGate-100F",
    "DeviceVendor": "Fortinet",
    "DeviceVersion": "7.0.12,build0523 (GA)",
    "EndTime [Eastern Time (US and Canada)]": "",
    "Message": "AP received 2/4 message of 4-way handshake from client xx:31:xx:58:bf:xx",
    "Reason": "Reserved 0",
    "SimplifiedDeviceAction": "WPA-2/4-key-msg",
    "TimeGenerated [Eastern Time (US and Canada)]": "1/9/2024, 11:38:12.932 AM",
    "Type": "CommonSecurityLog",
    "ad.ap": "FP431FTFXXXXXXXX",
    "ad.channel": "100",
    "ad.encryption": "AES",
    "ad.eventtime": "170481829266762XXXX",
    "ad.logdesc": "Wireless client sent 2/4 message of 4 way handshake",
    "ad.logid": "0104043651",
    "ad.radioid": "2",
    "ad.remotewtptime": "35.947755",
    "ad.security": "WPA2 Enterprise",
    "ad.sn": "FP431FTF2002XXXX",
    "ad.ssid": "HWCDSB_GUEST",
    "ad.stamac": "72:31:0b:58:bf:e4",
    "ad.subtype": "wireless",
    "ad.tz": "-0500",
    "ad.vap": "HWCDSB_GUEST2",
    "ad.vd": "root",
    "deviceSeverity": "warning",
    "logver": "700120523",
    "start": "Jan 09 2024 11:38:12",
    "tz": "-0500",
    "TenantId": "xxxxxb5b9-579f-4123-93d7-bf34a96fxxxx"
  }
}

Output

{
  "message": "Activity=\"wireless event WPA-2/4-key-msg\" AdditionalExtensions=\"start=Jan 09 2024 11:38:12;logver=700120523;ad.vd=root;ad.eventtime=1704818292667620554;ad.tz=-0500;ad.logid=0104043651;ad.subtype=wireless;deviceSeverity=warning;ad.logdesc=Wireless client sent 2/4 message of 4 way handshake;ad.sn=FP431FTF200XXXXX;ad.ap=FP431FTF200XXXXX;ad.vap=HWCDSB_GUEST2;ad.ssid=HWCDSB_GUEST;ad.radioid=2;ad.stamac=XX:31:0b:58:bf:XX;ad.channel=100;ad.security=WPA2 Enterprise;ad.encryption=AES;ad.remotewtptime=35.947755;tz=\\\"-0500\\\"\" Computer=XXXXXXXX-FGT DestinationUserName=N/A DeviceAction=WPA-2/4-key-msg DeviceEventCategory=event DeviceEventClassID=0104043651 DeviceExternalID=FG100FTKXXXXXXXX DeviceName=XXXXXXXXX-FGT DeviceProduct=FortiGate-100F DeviceVendor=Fortinet DeviceVersion=\"7.0.12,build0523 (GA)\" \"EndTime [Eastern Time (US and Canada)]\"= Message=\"AP received 2/4 message of 4-way handshake from client xx:31:xx:58:bf:xx\" Reason=\"Reserved 0\" SimplifiedDeviceAction=WPA-2/4-key-msg \"TimeGenerated [Eastern Time (US and Canada)]\"=\"1/9/2024, 11:38:12.932 AM\" Type=CommonSecurityLog _ResourceId= ad.ap=FP431FTFXXXXXXXX ad.channel=100 ad.encryption=AES ad.eventtime=170481829266762XXXX ad.logdesc=\"Wireless client sent 2/4 message of 4 way handshake\" ad.logid=0104043651 ad.radioid=2 ad.remotewtptime=35.947755 ad.security=\"WPA2 Enterprise\" ad.sn=FP431FTF2002XXXX ad.ssid=HWCDSB_GUEST ad.stamac=72:31:0b:58:bf:e4 ad.subtype=wireless ad.tz=-0500 ad.vap=HWCDSB_GUEST2 ad.vd=root deviceSeverity=warning logver=700120523 start=\"Jan 09 2024 11:38:12\" tz=-0500 TenantId=xxxxxb5b9-579f-4123-93d7-bf34a96fxxxx",
  "timestamp": "2024-11-04T12:20:46.691932964Z"
}
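The Output example above is a single key=value line of the kind Splunk ingests: a value containing spaces is wrapped in double quotes, a double quote inside a value gets a backslash in front of it (compare tz="-0500" in the input with tz=\"-0500\" in the output), a key that contains spaces is quoted as well, an empty value is emitted as a bare "=" with nothing after it, and the pairs keep the input field order. The Python below is an added example written for this page, not the product's own serializer: it reproduces that format for a constructed subset of the page's input and adds a small parser to check that the quoting round-trips losslessly. The rules for quoting tokens that contain "=" or a backslash, and the microsecond-precision timestamp, are assumptions made here; the page shows no input that exercises them.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample (a subset of the page's input event) that keeps every
# quoting edge case visible in the page's output: a value with spaces, a value
# with embedded double quotes, an empty value, and a key that contains spaces.
SAMPLE_EVENT = {
    "fortinet": {
        "Activity": "wireless event WPA-2/4-key-msg",
        "AdditionalExtensions": 'start=Jan 09 2024 11:38:12;tz="-0500"',
        "DeviceAction": "WPA-2/4-key-msg",
        "EndTime [Eastern Time (US and Canada)]": "",
        "Reason": "Reserved 0",
        "ad.channel": "100",
    }
}

# A token is quoted when it holds whitespace or a double quote (as in the page's
# output). Quoting on '=' and on a backslash is an assumption made here so that
# a bare token can never be misread as a key/value boundary or an escape.
NEEDS_QUOTES = re.compile(r'[\s"=\\]')


def kv_token(text: str) -> str:
    """Render one key or value the way the page's Splunk output does.

    Bare tokens are emitted literally. Quoted tokens get a backslash in front
    of every embedded double quote and (assumption) every literal backslash.
    An empty value is returned as "", so it renders as nothing after '='.
    """
    if text and NEEDS_QUOTES.search(text):
        escaped = text.replace("\\", "\\\\").replace('"', '\\"')
        return f'"{escaped}"'
    return text


def serialize_fortinet(record: dict, event_field: str = "fortinet") -> dict:
    """Build the {"message", "timestamp"} document shown under Output.

    The key=value pairs keep the input field order (the page's output is not
    sorted). The timestamp is the time of serialization, as in the page's
    example, not the event's own time; Python gives microsecond precision.
    """
    event = record.get(event_field)
    if not isinstance(event, dict):
        raise ValueError(f"event field {event_field!r} is missing or not an object")
    message = " ".join(f"{kv_token(k)}={kv_token(str(v))}" for k, v in event.items())
    timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return {"message": message, "timestamp": timestamp}


# One key=value pair: the key is quoted or bare; the value is quoted, bare or empty.
PAIR = re.compile(
    r'\s*(?:"((?:[^"\\]|\\.)*)"|([^\s="]+))'
    r'=(?:"((?:[^"\\]|\\.)*)"|([^\s"]*))'
)


def unescape(text: str) -> str:
    """Drop the backslash from every backslash-escaped character."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_kv_line(line: str) -> dict:
    """Inverse of the message built by serialize_fortinet.

    Added here to prove the quoting is lossless: every field value, embedded
    quotes included, is recovered exactly. Raises on malformed input.
    """
    fields = {}
    pos = 0
    while pos < len(line):
        m = PAIR.match(line, pos)
        if not m:
            raise ValueError(f"unparseable key=value pair at offset {pos}")
        key = unescape(m.group(1)) if m.group(1) is not None else m.group(2)
        value = unescape(m.group(3)) if m.group(3) is not None else m.group(4)
        fields[key] = value
        pos = m.end()
    return fields


if __name__ == "__main__":
    out = serialize_fortinet(SAMPLE_EVENT)
    print(json.dumps(out, indent=2))
    # Round trip: parsing the message must give back the original event fields.
    assert parse_kv_line(out["message"]) == SAMPLE_EVENT["fortinet"]
```

Running the block prints the same shape of document as the page's Output, with the message reduced to the six sample fields. The round-trip check at the end is the part worth keeping in a real pipeline: if a serializer quotes values but does not escape the quotes inside them, a value such as the AdditionalExtensions field above silently corrupts the rest of the line at the destination.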
