Change log for FORTINET_FORTINAC
Date | Changes
---|---
2025-05-15 | Enhancement:<br>- Added new grok patterns to parse logs in CEF format.<br>- `event.idm.read_only_udm.principal.hostname`: mapped the `src_hst1` raw log field to the `event.idm.read_only_udm.principal.hostname` UDM field.<br>- `event.idm.read_only_udm.principal.asset.hostname`: mapped the `src_hst1` raw log field to the `event.idm.read_only_udm.principal.asset.hostname` UDM field.<br>- `event.idm.read_only_udm.principal.mac`: mapped the `src_macadd` raw log field to the `event.idm.read_only_udm.principal.mac` UDM field.<br>- `event.idm.read_only_udm.principal.asset.mac`: mapped the `src_macadd` raw log field to the `event.idm.read_only_udm.principal.asset.mac` UDM field.<br>- `USER_UNCATEGORIZED`: added support for the `USER_UNCATEGORIZED` event and its corresponding raw log fields.<br>- `SYSLOG+CSV`: added support for the `SYSLOG+CSV` format.<br>- `event.idm.read_only_udm.metadata.product_log_id`: mapped the `column2` raw log field to the `event.idm.read_only_udm.metadata.product_log_id` UDM field.<br>- `event.idm.read_only_udm.metadata.product_event_type`: mapped the `column3` raw log field to the `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- `event.idm.read_only_udm.principal.user.userid`: mapped the `column6` raw log field to the `event.idm.read_only_udm.principal.user.userid` UDM field.<br>- `event.idm.read_only_udm.principal.mac`: mapped the `column7` raw log field to the `event.idm.read_only_udm.principal.mac` UDM field.<br>- `event.idm.read_only_udm.principal.asset.mac`: mapped the `column7` raw log field to the `event.idm.read_only_udm.principal.asset.mac` UDM field.<br>- `event.idm.read_only_udm.principal.user.user_display_name`: mapped the `column7` raw log field to the `event.idm.read_only_udm.principal.user.user_display_name` UDM field.<br>- `event.idm.read_only_udm.metadata.description`: mapped the `column10` raw log field to the `event.idm.read_only_udm.metadata.description` UDM field.<br>- `event.idm.read_only_udm.principal.hostname`: mapped the `hostname` raw log field to the `event.idm.read_only_udm.principal.hostname` UDM field.<br>- `event.idm.read_only_udm.principal.asset.hostname`: mapped the `hostname` raw log field to the `event.idm.read_only_udm.principal.asset.hostname` UDM field.<br>- `event.idm.read_only_udm.security_result.rule_name`: mapped the `rule_name` raw log field to the `event.idm.read_only_udm.security_result.rule_name` UDM field.<br>- `event.idm.read_only_udm.principal.ip`: mapped the `column8` raw log field to the `event.idm.read_only_udm.principal.ip` UDM field.<br>- `event.idm.read_only_udm.principal.asset.ip`: mapped the `column8` raw log field to the `event.idm.read_only_udm.principal.asset.ip` UDM field.<br>- `event.idm.read_only_udm.target.mac`: mapped the `column9` raw log field to the `event.idm.read_only_udm.target.mac` UDM field.<br>- `event.idm.read_only_udm.target.asset.mac`: mapped the `column9` raw log field to the `event.idm.read_only_udm.target.asset.mac` UDM field.
2022-07-08 | Enhancement:<br>- Modified the mapping for `oldrole` from `principal.user.role_name` to `principal.user.attribute.roles`.<br>- Modified the mapping for `newrole` from `target.user.role_name` to `target.user.attribute.roles`.
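The `SYSLOG+CSV` column mapping from the 2025-05-15 entry, worked as an added Python example (not the parser's own code): it splits one CSV payload into columns, assigns each column to the UDM fields listed above, and skips values that are not well-formed for `.mac` or `.ip` fields rather than emitting them. The 1-based `columnN` numbering, the sample record and the validity checks are assumptions, not from the change log.

```python
import csv
import ipaddress
import re

# Column-to-UDM mapping for the SYSLOG+CSV format, from the 2025-05-15 entry.
# Column numbers are 1-based (assumption: columnN is the N-th CSV field).
CSV_COLUMN_TO_UDM = {
    2: ("metadata.product_log_id",),
    3: ("metadata.product_event_type",),
    6: ("principal.user.userid",),
    7: ("principal.mac", "principal.asset.mac", "principal.user.user_display_name"),
    8: ("principal.ip", "principal.asset.ip"),
    9: ("target.mac", "target.asset.mac"),
    10: ("metadata.description",),
}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")


def _well_formed(udm_field, value):
    """UDM .mac/.ip fields only accept well-formed values; other fields take any text."""
    if udm_field.endswith(".mac"):
        return bool(MAC_RE.match(value))
    if udm_field.endswith(".ip"):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False
    return True


def map_csv_record(record):
    """Map one CSV payload (syslog header already stripped) to a flat UDM dict;
    also return the (column, field, value) triples skipped as malformed."""
    columns = next(csv.reader([record]))
    udm, skipped = {}, []
    for number, udm_fields in CSV_COLUMN_TO_UDM.items():
        if number > len(columns) or not columns[number - 1].strip():
            continue  # short record or empty column: leave the field unmapped
        value = columns[number - 1].strip()
        for udm_field in udm_fields:
            if _well_formed(udm_field, value):
                udm[udm_field] = value
            else:
                skipped.append((number, udm_field, value))
    return udm, skipped


# Constructed sample record (not a real FortiNAC line): ten comma-separated
# fields in the column order the mapping above expects.
SAMPLE_RECORD = ('Host,123456,Host Connected,,,jdoe,00:11:22:33:44:55,'
                 '10.0.0.25,AA:BB:CC:DD:EE:FF,"Host connected, port 12"')
```

Note that `column7` lands in both `principal.mac` and `principal.user.user_display_name`, exactly as the change log lists it, so a malformed MAC still reaches the display-name field while the `.mac` fields are left unset and reported.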