Change log for FORTINET_FORTIEDR
Date
Changes
2024-12-13
Bug-fix:
- Mapped "security_result.severity" to "HIGH" when the log's severity value is "High".
- Mapped "Action" to "security_result.action_details" when the "Action" value is "Logged".
- Mapped timestamp to "metadata.event_timestamp".
2024-09-16
Enhancement:
- Added a Grok pattern to map "Operating System: Linux" to "principal.platform".
2024-09-02
Enhancement:
- Mapped "Users" to "additional.fields".
2023-08-07
Enhancement:
- Added Grok pattern to handle new log format.
2023-07-06
Enhancement:
- Mapped "device_name" to "principal.hostname".
- Mapped "Component Name" to "additional.fields".
- Mapped "process_name" to "principal.application".
- Mapped "Operating System" to "principal.platform".
- Mapped "os_version" to "principal.platform_version".
- Mapped "userId" to "principal.user.userid".
- Mapped "userDisplayName" to "principal.user.userid".
- Mapped "event_id" to "metadata.product_log_id".
- Mapped "mac_address" to "principal.mac".
- Mapped "Organization" to "additional.fields".
- Mapped "dst" to "target.ip".
- Mapped "intermediary_ip" to "intermediary.ip".
- Mapped "server_host" to "security_result.detection_fields".
- Mapped "description_details" to "metadata.description".
2023-05-09
- Added Grok pattern to handle unparsed logs.
- Mapped the field "Destination" to "target.ip".
- Mapped the "metadata.event_type" to "USER_LOGIN" where the field "description" contains "System login".
- Mapped the "metadata.event_type" to "USER_LOGOUT" where the field "description" contains "System logout".
- Changed the "metadata.event_type" from "GENERIC_EVENT" to "USER_UNCATEGORIZED" where "target.user.userid" is not null.
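As an added illustration (not the Chronicle parser's own code, which is written in Logstash-style Grok and is not shown on this page), the Python below applies the mapping rules listed in this change log to a few constructed log lines: the Grok-style extraction of "Operating System: Linux" into "principal.platform", the severity and "Action" rules from the 2024-12-13 fix, the "System login" / "System logout" event-type rules, the promotion of "GENERIC_EVENT" to "USER_UNCATEGORIZED" when a target user is present, and a fallback for lines that do not parse. The "Key: value; Key: value" line layout, the "targetUser" raw key, the Windows/Mac platform alternatives and the unparsed-line fallback are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines; the "Key: value; Key: value" layout is an assumption,
# not FortiEDR's real export format.
SAMPLE_LOGS = [
    "Timestamp: 2024-12-01 10:15:00; Event ID: 1001; Device Name: srv-01; "
    "Operating System: Linux; OS Version: 22.04; Description: System login; "
    "Severity: High; Action: Logged; Destination: 10.0.0.5; userId: alice",
    "Timestamp: 2024-12-01 10:20:00; Event ID: 1002; Device Name: ws-07; "
    "Operating System: Windows; Description: Process blocked; Severity: Medium; "
    "Action: Blocked; targetUser: bob",
    "Timestamp: 2024-12-01 10:25:00; Event ID: 1003; Device Name: srv-01; "
    "Operating System: Linux; Description: System logout; Severity: High; Action: Logged",
    "garbage line that matches nothing",
]

# Grok-style pattern for the OS value. The change log adds one for "Operating System: Linux";
# the Windows/Mac alternatives are an illustrative extension.
OS_PATTERN = re.compile(r"Operating System:\s*(?P<os>Linux|Windows|Mac)\b")
PLATFORM = {"Linux": "LINUX", "Windows": "WINDOWS", "Mac": "MAC"}
SEVERITY = {"High": "HIGH"}  # only the "High" case is documented in the change log


def parse_fields(line):
    """Split a 'Key: value; Key: value' line into a dict; returns {} when nothing parses."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def to_rfc3339(raw):
    """Parse the constructed 'YYYY-MM-DD HH:MM:SS' timestamp as UTC; None if it does not parse."""
    try:
        return datetime.strptime(raw, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc).isoformat()
    except (TypeError, ValueError):
        return None


def classify_event(description, target_userid):
    """Event-type rules from the 2023-05-09 entry, in the order the change log states them."""
    if description and "System login" in description:
        return "USER_LOGIN"
    if description and "System logout" in description:
        return "USER_LOGOUT"
    if target_userid:
        return "USER_UNCATEGORIZED"
    return "GENERIC_EVENT"


def normalize(line):
    """Map one raw line to a UDM-shaped dict following the rules in the change log."""
    fields = parse_fields(line)
    udm = {"metadata": {}, "principal": {}, "target": {}, "security_result": {}, "additional": {}}
    if not fields:
        # Fallback for unparsed logs (assumption): keep the raw text instead of dropping the event.
        udm["metadata"] = {"event_type": "GENERIC_EVENT", "description": line}
        return udm

    meta = udm["metadata"]
    meta["event_timestamp"] = to_rfc3339(fields.get("Timestamp"))
    meta["product_log_id"] = fields.get("Event ID")
    meta["description"] = fields.get("Description")

    principal = udm["principal"]
    principal["hostname"] = fields.get("Device Name")
    principal["platform_version"] = fields.get("OS Version")
    match = OS_PATTERN.search(line)
    if match:
        principal["platform"] = PLATFORM[match.group("os")]
    if fields.get("userId"):
        principal["user"] = {"userid": fields["userId"]}

    target = udm["target"]
    if fields.get("Destination"):
        target["ip"] = [fields["Destination"]]
    if fields.get("targetUser"):  # assumed raw key for the target-side user
        target["user"] = {"userid": fields["targetUser"]}

    sec = udm["security_result"]
    if fields.get("Severity") in SEVERITY:
        sec["severity"] = SEVERITY[fields["Severity"]]
    if fields.get("Action") == "Logged":
        sec["action_details"] = "Logged"

    meta["event_type"] = classify_event(meta["description"], target.get("user", {}).get("userid"))
    return udm


def normalize_all(lines=SAMPLE_LOGS):
    return [normalize(line) for line in lines]


if __name__ == "__main__":
    import json
    for event in normalize_all():
        print(json.dumps(event, indent=2))
```

Running the script prints one UDM-shaped event per sample line; the fourth, unparseable line comes out as a GENERIC_EVENT carrying the raw text, which is the behaviour you want to check for when a new log format appears before a Grok pattern exists for it.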
Last updated 2025-03-13 UTC.