Adding fields in FortiSIEM
April 11, 2024
ID 181682
By default, a detection event sent by Kaspersky CyberTrace contains the IP address of the device that sent the original event and a field for the detected indicator. However, FortiSIEM does not contain fields for storing this IP address and indicator. This section describes how to add fields for storing these values in FortiSIEM.
To add fields for storing the IP address and the detected indicator in FortiSIEM:
- Open the FortiSIEM web console.
- Select Admin > Device Support > Event Attribute.
- Click New.
  The Add Event Attribute Type Definition window opens.
- Specify the following information:
  - In the Name field, specify dvcIpAddr.
  - In the Display Name field, specify Device IP Address.
  - In the Value Type field, select IP.
  - Fill in the rest of the fields as you wish.

  [Figure: Adding a new field in FortiSIEM]
- Click Save.
- Click New.
- In the Add Event Attribute Type Definition window that opens, specify the following information:
  - In the Name field, specify detectedIndicator.
  - In the Display Name field, specify Detected indicator.
  - In the Value Type field, select String.
  - Fill in the rest of the fields as you wish.
- Click Save.
- Click Apply.
For more information about adding a new field in FortiSIEM, visit http://help.fortinet.com/fsiem/5-1-1/Online-Help/HTML5_Help/Working_with_Event_Attributes.htm.