Change log for FORTINET_FORTIWEB
| Date | Changes |
|---|---|
| 2025-06-05 | Enhancement:
- event.idm.read_only_udm.security_result.action_details: Newly mapped `action` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field when `action` in "login" or "edit". - Set `sec_result` as BLOCK when action is `Deny`. - Modified conditional check for `sub_type` udm field. |
| 2025-05-28 | Enhancement:
- event.idm.read_only_udm.principal.user.userid: Newly mapped `user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field when `action` in "login" or "edit". - event.idm.read_only_udm.security_result.threat_name: Newly mapped `attack_type` raw log field with `event.idm.read_only_udm.security_result.threat_name` UDM field when `type` is "attack". - Modified null check conditions for "signature_subclass" and "signature_id". |
| 2025-05-21 | Enhancement:
- Added "gsub" for to convert "iframe src" to "iframe_src" to fix log parsing errors. - Added IP Validation to parse the IP address from "src" raw log field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `matched_pattern` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. |
| 2025-02-06 | Enhancement:
-Changed "devname" mapping from "principal.resource.name" to "intermediary.hostname". |
| 2024-09-30 | Enhancement:
- Added support to parse the new format of unparsed KV logs. |
| 2024-01-09 | - Added support for CEF format logs.
- Added a Grok pattern to match new format of CEF logs. - Mapped "principal_hostnamne" to "principal.hostname". - Mapped "principal.app" to "principal.application". |
| 2023-05-18 | - Newly created parser.
|