By default, a detection event sent by Kaspersky CyberTrace contains the IP address of the device that sent the original event and a field for the detected indicator. However, FortiSIEM does not contain fields for storing this IP address and indicator. This section describes how to add a field in FortiSIEM for storing the values that you need.
To add a field for storing an IP address and detected indicator in FortiSIEM:
The Add Event Attribute Type Definition window opens.
Adding a new field in FortiSIEM
For more information about adding a new field in FortiSIEM, visit http://help.fortinet.com/fsiem/5-1-1/Online-Help/HTML5_Help/Working_with_Event_Attributes.htm.