Change log for FORTINET_FORTIEDR
| Date | Changes |
|---|---|
| 2024-09-16 | Enhancement:<br>- Added a Grok pattern to map "Operating System: Linux" to "principal.platform". |
| 2024-09-02 | Enhancement:<br>- Mapped "Users" to "additional.fields". |
| 2023-08-07 | Enhancement:<br>- Added a Grok pattern to handle a new log format. |
| 2023-07-06 | Enhancement:<br>- Mapped "device_name" to "principal.hostname".<br>- Mapped "Component Name" to "additional.fields".<br>- Mapped "process_name" to "principal.application".<br>- Mapped "Operating System" to "principal.platform".<br>- Mapped "os_version" to "principal.platform_version".<br>- Mapped "userId" to "principal.user.userId".<br>- Mapped "userDisplayName" to "principal.user.userId".<br>- Mapped "event_id" to "metadata.product_log_id".<br>- Mapped "mac_address" to "principal.mac".<br>- Mapped "Organization" to "additional.fields".<br>- Mapped "dst" to "target.ip".<br>- Mapped "intermediary_ip" to "intermediary.ip".<br>- Mapped "server_host" to "security_result.detection_fields".<br>- Mapped "description_details" to "metadata.description". |
| 2023-05-09 | - Added a Grok pattern to handle unparsed logs.<br>- Mapped the field "Destination" to "target.ip".<br>- Mapped "metadata.event_type" to "USER_LOGIN" where the field "description" contains "System login".<br>- Mapped "metadata.event_type" to "USER_LOGOUT" where the field "description" contains "System logout".<br>- Changed "metadata.event_type" from "GENERIC_EVENT" to "USER_UNCATEGORIZED" where "target.user.userid" is not null. |
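The following is an added example, not the FORTINET_FORTIEDR parser itself (the real parser is a Grok/Logstash-style configuration maintained in Google SecOps). It is a small Python normalizer that applies the field mappings and the event-type rules recorded in the table above to constructed sample records, so the precedence of the rules (login, then logout, then "target.user.userid" present, else generic) and the platform mapping can be checked against concrete input. The semicolon-separated "key: value" record layout, the "target_user" key used to feed "target.user.userid", and the platform enum strings are assumptions made for this example.

```python
"""Toy normalizer illustrating the mappings recorded in this change log.

Added example, not the Google SecOps FORTINET_FORTIEDR parser. The record layout,
the "target_user" key and the platform enum strings are assumptions.
"""
from __future__ import annotations

# Constructed sample records; not real FortiEDR output.
SAMPLE_LOGS = [
    "Organization: Acme; event_id: 1001; device_name: ws-01; Operating System: Windows 10; "
    "os_version: 10.0.19045; process_name: lsass.exe; userId: jdoe; "
    "description: System login; Destination: 10.0.0.5; "
    "mac_address: 00:11:22:33:44:55; Users: jdoe,admin",
    "Organization: Acme; event_id: 1002; device_name: srv-02; Operating System: Linux; "
    "os_version: 5.15; userId: root; description: System logout",
    "Organization: Acme; event_id: 1003; device_name: srv-03; Operating System: Linux; "
    "target_user: svc; description: Service account password rotated",
    "Organization: Acme; event_id: 1004; device_name: srv-04; description: Heartbeat",
]

# Raw key -> UDM path, taken from the change log entries.
SIMPLE_MAP = {
    "device_name": "principal.hostname",
    "process_name": "principal.application",
    "os_version": "principal.platform_version",
    "userId": "principal.user.userId",
    "event_id": "metadata.product_log_id",
    "mac_address": "principal.mac",
    "Destination": "target.ip",
    "dst": "target.ip",
    "intermediary_ip": "intermediary.ip",
    "description_details": "metadata.description",
    # Assumption: the change log names no raw source for target.user.userid.
    "target_user": "target.user.userid",
}
# Keys the change log routes to additional.fields rather than a dedicated UDM path.
ADDITIONAL_FIELDS = ("Users", "Component Name", "Organization")
# Assumed platform enum values, keyed by a case-insensitive prefix of "Operating System".
PLATFORM_PREFIXES = {"linux": "LINUX", "windows": "WINDOWS", "mac": "MAC"}


def parse_kv(line: str) -> dict[str, str]:
    """Split a record on ';' and each chunk on its first ':' (values may contain ':')."""
    fields: dict[str, str] = {}
    for chunk in line.split(";"):
        key, sep, value = chunk.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def map_platform(os_name: str) -> str | None:
    """Return the assumed platform enum for an OS string, or None if unrecognised."""
    lowered = os_name.lower()
    for prefix, enum_value in PLATFORM_PREFIXES.items():
        if lowered.startswith(prefix):
            return enum_value
    return None  # unrecognised OS strings leave principal.platform unset


def classify_event(fields: dict[str, str], udm: dict) -> str:
    """Event-type rules from the 2023-05-09 entry, checked in this order."""
    description = fields.get("description", "")
    if "System login" in description:
        return "USER_LOGIN"
    if "System logout" in description:
        return "USER_LOGOUT"
    if udm.get("target.user.userid"):
        return "USER_UNCATEGORIZED"
    return "GENERIC_EVENT"


def normalize(line: str) -> dict:
    """Parse one record and build a flat dict keyed by UDM path."""
    fields = parse_kv(line)
    udm: dict = {"additional.fields": {}}
    for raw_key, value in fields.items():
        if raw_key in SIMPLE_MAP:
            udm[SIMPLE_MAP[raw_key]] = value
        elif raw_key in ADDITIONAL_FIELDS:
            udm["additional.fields"][raw_key] = value
    if "Operating System" in fields:
        platform = map_platform(fields["Operating System"])
        if platform:
            udm["principal.platform"] = platform
    udm["metadata.event_type"] = classify_event(fields, udm)
    return udm


if __name__ == "__main__":
    for record in SAMPLE_LOGS:
        out = normalize(record)
        print(out["metadata.product_log_id"], out["metadata.event_type"],
              out.get("principal.platform"))
```

Running the block prints one line per sample record with its product log ID, the event type chosen by the rules, and the platform (None for the record without an "Operating System" value). Note that the login and logout checks run before the "target.user.userid" check, which matches the order in which the 2023-05-09 entry introduced them: a record with both "System login" in its description and a target user is classified USER_LOGIN, not USER_UNCATEGORIZED.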