Change log for FORTINET_FORTIEDR
Date
Changes
2025-04-17
Enhancement:
- Added a Grok pattern to parse a new type of log.
- Added a condition to check whether the `mac` raw log field is a valid MAC address.
- Added a condition to check whether the `asset_os` raw log field contains `WINDOWS`, `LINUX`, or `MAC`.
2024-12-13
Bug-fix:
- Mapped "sec_result.severity" to High when "sec_result.severity" is "High".
- Mapped "Action" to "sec_result.action_details" when "Action" is "Logged".
- Mapped timestamp to "metadata.event_timestamp".
2024-09-16
Enhancement:
- Added a Grok pattern to map "Operating System: Linux" to "principal.platform".
2024-09-02
Enhancement:
- Mapped "Users" to "additional.fields".
2023-08-07
Enhancement:
- Added Grok pattern to handle new log format.
2023-07-06
Enhancement:
- Mapped "device_name" to "principal.hostname".
- Mapped "Component Name" to "additional.fields".
- Mapped "process_name" to "principal.application".
- Mapped "Operating System" to "principal.platform".
- Mapped "os_version" to "principal.platform_version".
- Mapped "userId" to "principal.user.userId".
- Mapped "userDisplayName" to "principal.user.userId".
- Mapped "event_id" to "metadata.product_log_id".
- Mapped "mac_address" to "principal.mac".
- Mapped "Organization" to "additional.fields".
- Mapped "dst" to "target.ip".
- Mapped "intermediary_ip" to "intermediary.ip".
- Mapped "server_host" to "security_result.detection_fields".
- Mapped "description_details" to "metadata.description".
2023-05-09
- Added Grok pattern to handle unparsed logs.
- Mapped the field "Destination" to "target.ip".
- Mapped the "metadata.event_type" to "USER_LOGIN" where the field "description" contains "System login".
- Mapped the "metadata.event_type" to "USER_LOGOUT" where the field "description" contains "System logout".
- Changed the "metadata.event_type" from "GENERIC_EVENT" to "USER_UNCATEGORIZED" where "target.user.userid" is not null.
Last updated 2025-08-29 UTC.