Getting Data In

Fortinet filed extractions

g_paternicola
Path Finder

Hi everyone,

I'm getting probably an issue with the extraction of my Fortinet data. I have installed the following apps:

 

Fortinet FortiGate App for SplunkSplunkAppForFortinet

1.5.1

Fortinet Fortigate Add-on for SplunkSplunk_TA_fortinet_fortigate1.6.2

 

Does anyone know the different of the field action and ftnt_action? because I'm getting different results there. 

In field action do I have for example "blocked" but in ftnt_action do I have "detected" and also "dropped". This is a bit confusing while I'm trying to get only blocked attacks. 

Could someone please help me?

Tags (1)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!