Change log for FORTINET_FORTIANALYZER
| Date | Changes |
|---|---|
| 2024-10-01 | Enhancement:
- Mapped "logdesc" to "metadata.description". |
| 2024-10-01 | Enhancement:
- Mapped "logdesc" to "metadata.description". |
| 2024-09-23 | Enhancement:
- Modified mapping for "devname" to "principal.resource.attribute.labels". - Mapped "srcname" to "principal.hostname" and "principal.asset.hostname". |
| 2024-09-12 | Enhancement:
- Added conditional checks to map the value "BLOCK" to the "security_result.action" UDM field when the "reason" value is "sslvpn_login_permission_denied". |
| 2024-07-22 | Enhancement:
- Added "gusb" to handle the unparsed logs. |
| 2024-07-04 | Enhancement:
- When "msg" contains "login", then set "event_type" to "USER_LOGIN". |
| 2024-04-25 | Enhancement:
- Mapped "httpmethod" to "network.http.method". - When "action" is "login", then map "ALLOW" to "security_result.action". - When "msg" contains "logged in successfully", then set "event_type" to "USER_LOGIN". - When "msg" contains "login failed", then set "event_type" to "USER_LOGOUT". |
| 2023-07-19 | Bug-Fix:
- Added gsub to remove "\n" to parse failing logs. |
| 2023-05-05 | - Added support for logs with CEF format.
|
| 2022-09-19 | Newly Created Parser
|