Change log for FORTINET_FORTIANALYZER
Date | Changes |
---|---|
2024-11-28 | Enhancement: mapped "filename" to "target.file.full_path". |
2024-11-19 | Enhancement: mapped "dstuser" to "target.user.userid". |
2024-11-13 | Enhancement: mapped "fsaverdict" to "additional.fields". |
2024-10-28 | Enhancement: changed the mapping of "srcinf", "dstinf", "srcintfrole", and "dstintfrole" from "security_result.detection_fields" to "additional.fields". |
2024-10-16 | Enhancement: mapped "type", "subtype", and "level" to "metadata.ingestion_labels". |
2024-10-01 | Enhancement: mapped "logdesc" to "metadata.description". |
2024-09-23 | Enhancement: changed the "devname" mapping to "principal.resource.attribute.labels"; mapped "srcname" to "principal.hostname" and "principal.asset.hostname". |
2024-09-12 | Enhancement: added a conditional check that sets "security_result.action" to "BLOCK" when "reason" is "sslvpn_login_permission_denied". |
2024-07-22 | Enhancement: added a gsub to handle previously unparsed logs. |
2024-07-04 | Enhancement: when "msg" contains "login", set "event_type" to "USER_LOGIN". |
2024-04-25 | Enhancement: mapped "httpmethod" to "network.http.method"; when "action" is "login", set "security_result.action" to "ALLOW"; when "msg" contains "logged in successfully", set "event_type" to "USER_LOGIN"; when "msg" contains "login failed", set "event_type" to "USER_LOGOUT". |
2023-07-19 | Bug-Fix: added a gsub that removes "\n" from logs that previously failed to parse. |
2023-05-05 | Added support for logs in CEF format. |
2022-09-19 | Newly created parser. |
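The mapping rules recorded in this change log, as an added Python illustration written for this page; it is not the Chronicle parser itself, which is expressed in Chronicle's own Logstash-style configuration language. The code strips the stray "\n" that the 2023-07-19 fix targets, splits the FortiOS-style key=value body, applies the direct field mappings and label buckets from the entries above, and evaluates the conditional "event_type" and "security_result.action" rules. The two sample log lines are constructed, and the rule evaluation order plus the "GENERIC_EVENT" fallback are assumptions made here, not documented behaviour.

```python
from __future__ import annotations

import json
import re

# Constructed sample lines in FortiAnalyzer/FortiGate key=value syslog style (not real
# captures). The trailing "\n" on the first line mimics the artefact that the
# 2023-07-19 gsub fix removes before parsing.
SAMPLE_LOGS = [
    'date=2024-09-12 time=10:15:01 devname="FGT-EDGE1" type="event" subtype="vpn" '
    'level="alert" logdesc="SSL VPN login fail" action="ssl-login-fail" '
    'reason="sslvpn_login_permission_denied" user="jdoe" srcintfrole="wan" '
    'msg="SSL user failed to login"\n',
    'date=2024-09-12 time=10:16:30 devname="FGT-EDGE1" type="event" subtype="system" '
    'level="information" logdesc="Admin login successful" action="login" user="admin" '
    'srcname="wks01" httpmethod="POST" '
    'msg="Administrator admin logged in successfully from https(10.0.0.5)"',
]

# key=value where the value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Direct field-to-UDM-path mappings listed in the change log.
DIRECT_MAP = {
    "filename": ["target.file.full_path"],
    "dstuser": ["target.user.userid"],
    "logdesc": ["metadata.description"],
    "srcname": ["principal.hostname", "principal.asset.hostname"],
    "httpmethod": ["network.http.method"],
}
# Fields carried as key/value pairs under additional.fields (2024-10-28, 2024-11-13).
ADDITIONAL_FIELDS = {"fsaverdict", "srcinf", "dstinf", "srcintfrole", "dstintfrole"}
# Fields carried as metadata.ingestion_labels (2024-10-16).
INGESTION_LABELS = ("type", "subtype", "level")


def parse_kv(raw: str) -> dict[str, str]:
    """Drop embedded newlines (the 2023-07-19 gsub) and split into key/value pairs."""
    cleaned = raw.replace("\n", "")
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in KV_RE.finditer(cleaned)
    }


def _set(udm: dict, path: str, value) -> None:
    """Write value at a dotted UDM path, creating intermediate dicts."""
    node = udm
    parts = path.split(".")
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def classify(fields: dict[str, str]) -> tuple[str, str | None]:
    """Return (event_type, security_result.action) from the conditional rules.

    Rule order (assumption): the specific 2024-04-25 phrases are checked before the
    broader 2024-07-04 "login" substring rule; unmatched messages fall back to
    GENERIC_EVENT. The "login failed" -> USER_LOGOUT mapping is reproduced exactly as
    the 2024-04-25 entry states it.
    """
    msg = fields.get("msg", "").lower()
    if "logged in successfully" in msg:
        event_type = "USER_LOGIN"
    elif "login failed" in msg:
        event_type = "USER_LOGOUT"
    elif "login" in msg:
        event_type = "USER_LOGIN"
    else:
        event_type = "GENERIC_EVENT"

    action = None
    if fields.get("action") == "login":
        action = "ALLOW"
    if fields.get("reason") == "sslvpn_login_permission_denied":
        action = "BLOCK"  # 2024-09-12 conditional check
    return event_type, action


def to_udm(raw: str) -> dict:
    """Build a UDM-shaped dict for one raw log line using the change-log mappings."""
    fields = parse_kv(raw)
    udm: dict = {"additional": {"fields": []}, "metadata": {"ingestion_labels": []}}
    for key, value in fields.items():
        for path in DIRECT_MAP.get(key, []):
            _set(udm, path, value)
        if key in ADDITIONAL_FIELDS:
            udm["additional"]["fields"].append({"key": key, "value": value})
        if key == "devname":  # 2024-09-23 mapping
            _set(udm, "principal.resource.attribute.labels", [{"key": key, "value": value}])
    for key in INGESTION_LABELS:
        if key in fields:
            udm["metadata"]["ingestion_labels"].append({"key": key, "value": fields[key]})
    event_type, action = classify(fields)
    _set(udm, "metadata.event_type", event_type)
    if action is not None:
        _set(udm, "security_result.action", action)
    return udm


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(json.dumps(to_udm(line), indent=2))
```

Running the block prints the UDM-shaped output for both constructed lines: the denied SSL VPN attempt comes out as USER_LOGIN with action BLOCK, the admin login as USER_LOGIN with action ALLOW and "srcname" populated in both principal hostname fields. Note that the unchanged "login failed" -> USER_LOGOUT rule from the 2024-04-25 entry is what the log documents; anyone building detections on this parser should confirm that behaviour against live events rather than assume a failed login lands as USER_LOGIN.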