Adding fields in FortiSIEM

By default, a detection alert sent by Kaspersky CyberTrace contains the IP address of the device that sent the original event and a field for the detected indicator. However, FortiSIEM does not contain fields for storing this IP address and indicator. This section describes how to add a field for storing values that you need in FortiSIEM.

To add a field for storing an IP address and detected indicator in FortiSIEM:

  1. Open the FortiSIEM web console.
  2. Select AdminDevice SupportEvent Attribute.
  3. Click New.

    The Add Event Attribute Type Definition window opens.

  4. Specify the following information:
    • In the Name field, specify dvcIpAddr.
    • In the Display Name field, specify Device IP Address.
    • In the Value Type field, select IP.
    • Fill in the rest of the fields as you wish.

    Add Event Attribute Type Definition window in FortiSIEM.

    Adding a new field in FortiSIEM

  5. Click Save.
  6. Click New.
  7. In the Add Event Attribute Type Definition window that opens, specify the following information:
    • In the Name field, specify detectedIndicator.
    • In the Display Name field, specify Detected indicator.
    • In the Value Type field, select String.
    • Fill in the rest of the fields as you wish.
  8. Click Save.
  9. Click Apply.

For more information about adding a new field in FortiSIEM, visit http://help.fortinet.com/fsiem/5-1-1/Online-Help/HTML5_Help/Working_with_Event_Attributes.htm.

Page top