FortiAnalyzer 6.0.3 includes the following new features and enhancements:
New Default Event Handlers
The following new default Event Handlers have been added for malicious, suspicious, and high risk events:
Log ID for long sessions
In FortiView, Log ID = 0000000020 indicates a long session that is not yet closed. A long session has multiple logs but is still considered one session. The sent/received data of long sessions counts all interim traffic data reported by lines with Log ID = 0000000020.
When the session is closed, the Log ID is 13.