FortiAnalyzer supports FortiWeb Cloud attack logs
FortiAnalyzer now supports FortiWeb Cloud attack logs, and additional event/attack log fields have been added.
After adding and authorizing a FortiWeb Cloud device in FortiAnalyzer, you can view Attack and Event logs from this device in Log View.
To view FortiWeb Cloud logs in FortiAnalyzer:
- In Device Manager, add and authorize the FortiWeb Cloud device.
- To view logs from the FortiWeb Cloud device, go to Log View > Log Browse.
You can also go to Log View > FortiWeb > Attack. This includes FortiWeb Cloud attack logs, as well as four new fields:
user_id, which corresponds to the User ID column
app_id, which corresponds to the Application ID column
app_name, which corresponds to the Application Name column
app_domain, which corresponds to the Application Domain column
See an example of Log View > FortiWeb > Attack below.
Finally, you can also go to Log View > FortiWeb > Event. This includes FortiWeb Cloud event logs, as well as five new fields:
- user_id, which corresponds to the User ID column
- login_user, which corresponds to the User column
app_id, which corresponds to the Application ID column
app_name, which corresponds to the Application Name column
app_domain, which corresponds to the Application Domain column
See an example of Log View > FortiWeb > Event below.