Change log for FORTINET_FORTIWEB
| Date | Changes |
|---|---|
| 2025-07-02 | Enhancement:
- Added gsub function on `eventtime` to truncate it to 13 digits for correct parsing. - event1.idm.read_only_udm.metadata.event_timestamp: Newly mapped `eventtime` raw log field with `event1.idm.read_only_udm.metadata.event_timestamp` UDM field. - event1.idm.read_only_udm.additional.fields: Newly mapped `http_request_time`, `http_response_time` and `subtype` raw log field with `event1.idm.read_only_udm.additional.fields` UDM field. - event1.idm.read_only_udm.principal.ip , event1.idm.read_only_udm.principal.asset.ip: Newly mapped `original_src` raw log field with `event1.idm.read_only_udm.principal.ip` and `event1.idm.read_only_udm.principal.asset.ip` UDM field. |
| 2025-06-05 | Enhancement:
- event.idm.read_only_udm.security_result.action_details: Newly mapped `action` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field when `action` in "login" or "edit". - Set `sec_result` as BLOCK when action is `Deny`. - Modified conditional check for `sub_type` udm field. |
| 2025-05-28 | Enhancement:
- event.idm.read_only_udm.principal.user.userid: Newly mapped `user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field when `action` in "login" or "edit". - event.idm.read_only_udm.security_result.threat_name: Newly mapped `attack_type` raw log field with `event.idm.read_only_udm.security_result.threat_name` UDM field when `type` is "attack". - Modified null check conditions for "signature_subclass" and "signature_id". |
| 2025-05-21 | Enhancement:
- Added "gsub" for to convert "iframe src" to "iframe_src" to fix log parsing errors. - Added IP Validation to parse the IP address from "src" raw log field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `matched_pattern` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. |
| 2025-02-06 | Enhancement:
-Changed "devname" mapping from "principal.resource.name" to "intermediary.hostname". |
| 2024-09-30 | Enhancement:
- Added support to parse the new format of unparsed KV logs. |
| 2024-01-09 | - Added support for CEF format logs.
- Added a Grok pattern to match new format of CEF logs. - Mapped "principal_hostnamne" to "principal.hostname". - Mapped "principal.app" to "principal.application". |
| 2023-05-18 | - Newly created parser.
|