Administration Guide

AV log samples

Log Type | Subtype | Log Sample

Event | User
date="2021-05-21" time="13:41:38" tz="MDT" logid="0400000001" devid="FAI35FT319000026" type="event" subtype="user" level="information" user="admin" ui="init" action="none" status="none" msg="changed settings of 'ipaddr' for 'system syslog fortianalyzer settings'"

Event | System
date="2021-03-31" time="15:50:19" tz="PDT" logid="0802001914" devid="FAIVMSTM21000033" type="event" subtype="system" level="information" user="none" ui="none" action="none" status="success" msg="ldapcached is being stopped; all connections to remote host(s) will be terminated."

Event | File-stats
date="2021-03-31" time="16:18:28" tz="PDT" logid="0403000001" devid="FAIVMSTM21000033" type="event" subtype="file-stats" level="information" status="success" fileaccepted=100 fileprocessed=99 filedetected=99

Event | Automation
date="2021-03-31" time="16:18:28" tz="PDT" logid="0404000001" devid="FAIVMSTM21000033" type="event" subtype="automation" level="information" status="success" profilename="profile1" targetip="10.10.3.4" policyconf=87 postaction="block" modtime="2021-05-13 15:16:23" attemptcnt=12

Event | Perf-stats
date="2021-03-31" time="16:18:28" tz="PDT" logid="0405000001" devid="FAIVMSTM21000033" type="event" subtype="perf-stats" level="information" status="success" cpu=20 mem=70 logdisk=0 datadisk=21

Event | Malware
date="2021-03-31" time="16:18:28" tz="PDT" logid="0408000001" devid="FAIVMSTM21000033" type="event" subtype="malware" level="information" status="success" featurelstcnt=19 featurelst="Generic Trojan, Trojan, BackDoor, Application, Virus, Worm, Downloader, Redirector, Dropper, Phishing, Exploit, Proxy, Ransomware, Banking Trojan, PWS, Infostealer, Clicker, CoinMiner, WebShell" featurecounts="35476, 81, 15, 9, 7, 3, 3, 3, 3, 1, 1,1,1,1,1,1,1,1,1"

date="2021-03-31" time="16:18:28" tz="PDT" logid="0408000001" devid="FAIVMSTM21000033" type="event" subtype="malware" level="information" status="success" featurelstcnt=10 featurelst="Generic Trojan, Trojan, BackDoor, Application, Virus, Worm, Downloader, Redirector, Dropper, Phishing" featurecounts="35476, 81, 15, 9, 7, 3, 3, 3, 3, 1"

Attack | Attack chain
date="2021-05-21" time="10:23:05" tz="PDT" logid="0500000001" devhost="FAI35FT321000001" devid="FAI35FT321000001" type="attack" subtype="Attack Chain" level="alert" user="admin" ui="daemon" action="none" status="success" eventid=7255021 discoverydate="2021-05-21 10:13:27" risklevel="High" malwarefamily="N/A" scenariotype="Botnet" filecnt=1 filelist="435387294"

Attack | Malware
date="2021-05-21" time="10:23:05" tz="PDT" logid="0521000001" devid="FAI35FT321000001" type="attack" subtype="Malware" level="alert" action="none" devicetype="sniffer" fossn="" fosvd="" fileid=435387294 filetype="PE" md5="ddc770fa317b4a49b4194e4dcf8d308e" virusname="W32/Rbot.15B3!tr" url="http://172.19.235.2/data/0/4B72XXXX/4B72B9D2.vRG" detype="N/A" subdetype="N/A" attackerip="172.19.235.2" attackerport=80 victimip="172.19.235.76" victimport=10578 detypelstcnt=3 detypelst="worm,trojan,downloader" detypecounts="64,64,2"
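The samples above are key=value lines in which some values are double-quoted and may contain spaces, commas and single quotes, and some fields come in triples (a name list, a count list and a declared element count). The parser below is an added example written for this page; it is not Fortinet code and assumes nothing about the product beyond the field names visible in the samples. The embedded lines are copied from the table with the typographic quotes normalized to straight quotes (the extra space in `featurelst= "` and the stray comma after `risklevel="High"` are also tolerated by the regex). It shows three things a log pipeline should do with these records: parse the fields, verify that `featurelstcnt`/`detypelstcnt` agree with the lists they describe before the numbers are trusted, and join an Attack Chain event to the Malware records named in its `filelist`.

```python
"""Parse FortiAI-style key=value log lines and cross-check their list fields.

Added example for the log samples on this page; not Fortinet's own code.
"""
import re
from typing import Dict, List, Tuple

# key=value where value is either a double-quoted string (spaces and commas
# allowed, no escaping seen in the samples) or a bare token up to whitespace.
# findall skips text that matches neither alternative, so a stray comma after
# a quoted value does not break the parse.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample lines copied from the table above, quotes normalized (constructed test input).
SAMPLE_LOG = '''\
date="2021-05-21" time="13:41:38" tz="MDT" logid="0400000001" devid="FAI35FT319000026" type="event" subtype="user" level="information" user="admin" ui="init" action="none" status="none" msg="changed settings of 'ipaddr' for 'system syslog fortianalyzer settings'"
date="2021-03-31" time="16:18:28" tz="PDT" logid="0403000001" devid="FAIVMSTM21000033" type="event" subtype="file-stats" level="information" status="success" fileaccepted=100 fileprocessed=99 filedetected=99
date="2021-03-31" time="16:18:28" tz="PDT" logid="0408000001" devid="FAIVMSTM21000033" type="event" subtype="malware" level="information" status="success" featurelstcnt=19 featurelst="Generic Trojan, Trojan, BackDoor, Application, Virus, Worm, Downloader, Redirector, Dropper, Phishing, Exploit, Proxy, Ransomware, Banking Trojan, PWS, Infostealer, Clicker, CoinMiner, WebShell" featurecounts="35476, 81, 15, 9, 7, 3, 3, 3, 3, 1, 1,1,1,1,1,1,1,1,1"
date="2021-05-21" time="10:23:05" tz="PDT" logid="0500000001" devhost="FAI35FT321000001" devid="FAI35FT321000001" type="attack" subtype="Attack Chain" level="alert" user="admin" ui="daemon" action="none" status="success" eventid=7255021 discoverydate="2021-05-21 10:13:27" risklevel="High", malwarefamily="N/A" scenariotype="Botnet" filecnt=1 filelist="435387294"
date="2021-05-21" time="10:23:05" tz="PDT" logid="0521000001" devid="FAI35FT321000001" type="attack" subtype="Malware" level="alert" action="none" devicetype="sniffer" fossn="" fosvd="" fileid=435387294 filetype="PE" md5="ddc770fa317b4a49b4194e4dcf8d308e" virusname="W32/Rbot.15B3!tr" url="http://172.19.235.2/data/0/4B72XXXX/4B72B9D2.vRG" detype="N/A" subdetype="N/A" attackerip="172.19.235.2" attackerport=80 victimip="172.19.235.76" victimport=10578 detypelstcnt=3 detypelst="worm,trojan,downloader" detypecounts="64,64,2"
'''
SAMPLE_LINES: List[str] = [l for l in SAMPLE_LOG.splitlines() if l.strip()]


def parse_log_line(line: str) -> Dict[str, str]:
    """Return the fields of one log line as a dict of strings (insertion order kept)."""
    fields: Dict[str, str] = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        # If the bare alternative matched, the quoted group is empty; an empty
        # quoted value such as fossn="" correctly yields "".
        fields[key] = bare if bare else quoted
    return fields


def paired_lists(fields: Dict[str, str], list_key: str, count_key: str,
                 n_key: str) -> List[Tuple[str, int]]:
    """Zip a comma-separated name list with its count list.

    Works for featurelst/featurecounts/featurelstcnt and
    detypelst/detypecounts/detypelstcnt. Raises ValueError when the declared
    element count disagrees with either list, so a truncated or mangled record
    is rejected instead of silently misattributing counts to names.
    """
    names = [s.strip() for s in fields[list_key].split(",")]
    counts = [int(s.strip()) for s in fields[count_key].split(",")]
    declared = int(fields[n_key])
    if not (len(names) == len(counts) == declared):
        raise ValueError(f"{list_key}: declared {declared} entries, "
                         f"got {len(names)} names and {len(counts)} counts")
    return list(zip(names, counts))


PIVOT_KEYS = ("fileid", "md5", "virusname", "attackerip", "victimip")


def correlate_attack_chain(lines: List[str]) -> Dict[str, List[Dict[str, str]]]:
    """Join Attack Chain events to the Malware records they reference.

    An Attack Chain line carries filelist="<id>[,<id>...]" and each Malware
    line carries a fileid; the result maps eventid to the pivot fields of every
    referenced file that is present in the input.
    """
    parsed = [parse_log_line(l) for l in lines]
    by_fileid = {f["fileid"]: f for f in parsed
                 if f.get("type") == "attack" and f.get("subtype") == "Malware"}
    chains: Dict[str, List[Dict[str, str]]] = {}
    for f in parsed:
        if f.get("type") == "attack" and f.get("subtype") == "Attack Chain":
            ids = [s.strip() for s in f["filelist"].split(",")]
            chains[f["eventid"]] = [{k: by_fileid[i].get(k, "") for k in PIVOT_KEYS}
                                    for i in ids if i in by_fileid]
    return chains


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        f = parse_log_line(line)
        print(f["logid"], f["type"], f["subtype"], f.get("status", f["level"]))
    m = parse_log_line(SAMPLE_LINES[2])
    print(paired_lists(m, "featurelst", "featurecounts", "featurelstcnt")[:3])
    print(correlate_attack_chain(SAMPLE_LINES))
```

The regex deliberately has no escape handling because none of the samples show escaped quotes inside a value; if a deployment's `msg` fields turn out to contain them, that is the one place the tokenizer would need extending.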
