Hi everyone,
I'm probably having an issue with the extraction of my Fortinet data. I have installed the following apps:
- Fortinet FortiGate App for Splunk | SplunkAppForFortinet | 1.5.1
- Fortinet FortiGate Add-on for Splunk | Splunk_TA_fortinet_fortigate | 1.6.2
Does anyone know the difference between the fields action and ftnt_action? Because I'm getting different results there.
In the field action I have, for example, "blocked", but in ftnt_action I have "detected" and also "dropped". This is a bit confusing while I'm trying to get only blocked attacks.
Could someone please help me?