FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
FortiKoala (Staff)
Article Id 196440
Description

Linux and Mac agents send all events as 'user' data


Scope

FAQ


Solution

Current implementations of ZoneFox (up to and including v3.3) do not differentiate between user and system events for Linux and Mac agents. This means every event is treated as a user event and is stored in a user index (events.usr.xxxx.xx) rather than being filtered into a system index (events.sys.xxxx.xx.xx). Because of this, unusually large user indices can be created, which could result in the hard limit on the number of documents in a shard being reached.


Note that Windows agents do differentiate between user and system events.
