FortiWeb

Updated: 2024. 3. 20.

FortiWeb Detection

FortiWeb intrusion detection log

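| Type | Field | Display name | Description |
|---|---|---|---|
| DATE | _time | Time | |
| STRING | risk | Risk level | e.g. HIGH, MEDIUM, LOW |
| STRING | device_id | Device ID | e.g. FVVM080000202490 |
| STRING | log_id | Log ID | e.g. 20000008 |
| IP | src_ip | Source IP | |
| PORT | src_port | Source port | |
| IP | dst_ip | Destination IP | |
| PORT | dst_port | Destination port | |
| STRING | protocol | Protocol | e.g. TCP |
| STRING | app | Application | e.g. http, https/tls1.2 |
| STRING | method | Method | e.g. GET, POST |
| STRING | host | Host | e.g. www.abc.com, 192.192.192.192 |
| STRING | path | Path | e.g. /index.php |
| STRING | query | Query | e.g. subject=server&server=test |
| STRING | user_agent | User agent | |
| STRING | referer | Referer | e.g. http://www.abc.com |
| STRING | owasp | OWASP | e.g. A03:2021-Injection |
| STRING | owasp_api | OWASP_API | e.g. API8:2019 Injection |
| STRING | signature | Attack name | e.g. Cross Site Scripting |
| STRING | policy | Policy | e.g. Mail_80 |
| STRING | action | Action | e.g. BLOCK, DETECT |
| STRING | matched_pattern | Matched pattern | e.g. alert(document.domain) |
| STRING | matched_field | Matched field | e.g. args, header |
| STRING | reason | Reason | |
| STRING | cve | CVE | |
| STRING | content_switch_name | HTTP content routing | |
| STRING | server_pool_name | Server pool | |
| STRING | client_level | Client level | e.g. Malicious |
| STRING | threat_level | Threat level | e.g. Informational, Severe |
| INT | threat_weight | Threat score | e.g. 100, 75, 54 |
| INT | history_threat_weight | Cumulative threat score | e.g. 19500, |
| STRING | http_session_id | HTTP session ID | e.g. 678A3E139AF5F9BA52340497AF259757 |
| STRING | http_version | HTTP version | e.g. 1.x |
| STRING | x509_cert_subject | Certificate subject | |
| STRING | ftp_mode | FTP mode | |
| STRING | ftp_cmd | FTP command | |
| STRING | backend_service | Backend service | |
| STRING | bot_info | Bot information | |
| STRING | cipher_suite | Cipher suite | |
| STRING | category | Category | e.g. Signature Detection |
| STRING | subcategory | Subcategory | e.g. Cross Site Scripting |
| STRING | signature_subclass | Signature subclass | |
| STRING | monitor_status | Server health check | e.g. Disabled |
| STRING | signature_id | Signature ID | e.g. 010000063 |
| STRING | device_serial | Device serial | |
| STRING | adom | Administrative domain | e.g. root |
| STRING | ml_svm_accuracy | SVM accuracy | |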