FortiGate
FortiGate enables you to collect and normalize FortiGate logs and analyze the information through dashboards and security reports. FortiGate dashboards provide visualization related to threats, web attacks, and malicious activities. The FortiGate compiled normalizers are compatible with CNDP.
Additionally, when Logpoint identifies malicious events with a potential risk to your environment, it triggers security alerts based on predetermined rules.
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
Added a Syslog Collector-based FortiGate log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-18620 | - |
Past Releases
FortiGate v5.2.4
Release Date: December 18, 2023
Supported On: Logpoint v6.7.0 or later
Download: FortiGate_5.2.4.pak
SHA256: 949e5c4a5ae1651d0cf718adcb16c21f280958ade8ac339e4963c0c51e157271
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
The policyname field is mapped as policy in FortiOSCompiledNormalizer. | KB-18620 | - |
The tz field value of a raw log is used by FortiOSCompiledNormalizer to normalize the log_ts field. | KB-21597 | 76129 |
Added the protocol field and the Query label in FortiCEFCompiledNormalizer and FortiOSCompiledNormalizer. | KB-21015, KB-21594 | 74766 |
You can now configure a date format for FortiGate compiled normalizers using CompiledNormalizer Date Preference (CNDP). To learn how, go to CNDP. | KB-21982 | - |
Bug Fixes
The following issues are fixed:
Description | Issue ID | Reference ID |
---|---|---|
The int key type of the destination_address field was incorrectly mapped as a string in FortiCEFCompiledNormalizer. | KB-21171 | 74508 |
Some labels were not applied to the normalized Fortinet Firewall logs by FortiCEFCompiledNormalizer. | KB-18034 | 68759 |
The ip_type field was not properly normalized by FortiOSCompiledNormalizer. | KB-18685 | 69993 |
FortiGate v5.2.1
Release Date: 08 Aug, 2022
Supported On: Logpoint v6.7.0 or later
Download: FortiGate_5.2.1.pak
SHA256: 9ca6035796e4875faedfa42b6403000b76b7390361c01a0b38d6cc2f18d71305
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
FortiOSCompiledNormalizer did not normalize FortiGate logs with N/A values. | KB-14355 | 60722 |
The value of the URL field was incorrectly normalized by FortiOSCompiledNormalizer. | KB-16483 | 65381 |
Some FortiGate logs were not normalized by FortiOSCompiledNormalizer. | KB-13647 | 57813 |
FortiGate v5.2.0
Enhancements
Description | Issue ID | Reference ID |
---|---|---|
The URL, Category, and Id fields are parsed from the message field in the FortiGate logs. | KB-13776 | 58220 |
The utmaction field is now taken into account while applying labels for the FortiAnalyzer logs. | KB-15906 | 63332 |
FortiOSCompiledNormalizer is updated to support FortiClient EMS logs. Also, the taxonomies of the FortiGate fields are changed. To learn more, go to the Appendix section in the FortiGate v5.2.0 guide. | KB-14264 | 59990 |
Bug Fixes
The following issues are fixed:
Description | Issue ID | Reference ID |
---|---|---|
Some FortiGate logs were not normalized by the LP_FortiAnalyzer. | KB-14298 | 60303 |
Some FortiGate logs in the CEF format were not normalized by the FortiCEFCompiledNormalizer. | KB-14032 | 59107 |
The URL field of some FortiGate logs was not properly normalized by the FortiOSCompiledNormalizer. | KB-14064 | 59424 |
FortiGate v5.1.0
Enhancement
Description | Issue ID | Reference ID |
---|---|---|
Added a new compiled normalizer, FortiCEFCompiledNormalizer. | KB-11782 | 51874, 52315 |
- The label Configuration has been added to all the events with the label Configure to maintain consistency across all log sources.
- The following taxonomy fields have been added for FortiCEFCompiledNormalizer:
FortiGate Fields | Logpoint Fields |
---|---|
devicecategory | device_category |
ad.tz | timezone |
ad_app | application |
ad.appid | application_id |
ad.applist | application_list |
ad.apprisk | application_risk |
ad.appcount | application_count |
ad.lanin | lan_in |
ad.lanout | lan_out |
ad.utmaction | utm_action |
ad.wanin | wan_in |
ad.wanout | wan_out |
Bug Fixes
The following issues are fixed:
Description | Issue ID | Reference ID |
---|---|---|
Some FortiGate logs were not normalized by the LP_FortiAnalyzer. | KB-14298 | 60303 |
Some FortiGate logs in the CEF format were not normalized by the FortiCEFCompiledNormalizer. | KB-14032 | 59107 |
The URL field of some FortiGate logs was not properly normalized by the FortiOSCompiledNormalizer. | KB-14064 | 59424 |
FortiGate v3.6.0
Release Date: May 05, 2020
Download: FortiGate_3.6.0.zip
SHA256: e807703e43ea9a4cd639d0242702c0d5b05e71735eb9f9ca473ca52707a874f5
Enhancement
A minor update was made to the FortiGate normalizer for better signature handling.
Support
If you have any questions or require assistance, create a support ticket.
One piece of information is missing: the field "protocol" was renamed to protocol_id.