Change log for FORTINET_WEBPROXY
| Date | Changes |
|---|---|
| 2026-04-14 | Enhancement:
- Corrected the product `Category` from `Storage` to `Web Proxy` in the parser configuration. |
| 2026-04-09 | Enhancement:
- `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `eventtime` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. - `event.idm.read_only_udm.metadata.collected_timestamp`: Newly mapped `ts` raw log field with `event.idm.read_only_udm.metadata.collected_timestamp` UDM field. - `event.idm.read_only_udm.additional.fields`: Newly mapped `transid` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - `event.idm.read_only_udm.security_result.detection_fields`: Newly mapped `method` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - Added a grok pattern on `eventtime` to extract `eventtime_sec`, `eventtime_nano`. |
| 2025-06-24 | Enhancement:
- "event.idm.read_only_udm.additional.fields": Newly mapped "subtype" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "catdesc" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.network.sent_bytes": Newly mapped "sentbyte" raw log field with "event.idm.read_only_udm.network.sent_bytes" UDM field. - "event.idm.read_only_udm.network.received_bytes": Newly mapped "rcvdbyte" raw log field with "event.idm.read_only_udm.network.received_bytes" UDM field. - "event.idm.read_only_udm.network.http.referral_url": Newly mapped "referralurl" raw log field with "event.idm.read_only_udm.network.http.referral_url" UDM field. - "event.idm.read_only_udm.network.http.method": Newly mapped "httpmethod" raw log field with "event.idm.read_only_udm.network.http.method" UDM field. - "event.idm.read_only_udm.additional.fields": Newly mapped "reqtype" raw log field with "event.idm.read_only_udm.additional.fields" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "ratemethod" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Newly mapped "cat" raw log field with "event.idm.read_only_udm.security_result.detection_fields" UDM field. - "event.idm.read_only_udm.principal.user.userid": Removed mapping for "vd" raw log field with "event.idm.read_only_udm.principal.user.userid" UDM field.Because "event.idm.read_only_udm.principal.user.userid" UDM event is already mapped to "user" ,this caused the "vd" mapping to be overwritten. - "event.idm.read_only_udm.principal.user.user_display_name": Mapped "vd" raw log field with "event.idm.read_only_udm.principal.user.user_display_name" UDM field. - "event.idm.read_only_udm.security_result.detection_fields": Updated the mapping for the "policyid" raw log field to merge it as a key-value pair with "PolicyID" as the key and the "policyid" value as the value, using the "policyid_label" variable. - "event.idm.read_only_udm.network.direction": Updated to include mapping for "outgoing" and "outbound" values to "OUTBOUND", in existing raw log field "direction". |
| 2025-01-07 | Enhancement:
- Newly created parser. |