diff --git a/Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml b/Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml
index 928dd559ebb..c02bae1c304 100644
--- a/Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml
+++ b/Parsers/ASimWebSession/Parsers/ASimWebSessionFortinetFortiGate.yaml
@@ -1,7 +1,7 @@
 Parser:
 Title: Web Session ASIM parser for Fortinet FortiGate
- Version: '0.1'
- LastUpdated: Nov 11th, 2023
+ Version: '0.1.1'
+ LastUpdated: Nov 4, 2024
 Product:
 Name: Fortinet FortiGate
 Normalization:
@@ -11,7 +11,7 @@ References:
 - Title: ASIM Web Session Schema
 Link: https://aka.ms/ASimWebSessionDoc
 - Title: ASIM
- Link: https:/aka.ms/AboutASIM
+ Link: https://aka.ms/AboutASIM
 - Title: web log fields
 Link: https://docs.fortinet.com/document/fortigate/7.4.0/fortios-log-message-reference/400992
 - Title: Fortinet FortiGate CEF setup
@@ -52,10 +52,9 @@ ParserQuery: | | where DeviceVendor == "Fortinet" and DeviceProduct startswith "Fortigate" and Activity has_all ('webfilter', 'utm') - | extend - EventResultDetails = "NA" + //| extend EventResultDetails = "NA" // HTTP response codes are not included in Fortigate logs. | lookup EventLookup on DeviceAction - | project Activity,AdditionalExtensions,DestinationIP,DestinationPort,DeviceAction,DeviceInboundInterface,DeviceOutboundInterface,DeviceProduct,DeviceVersion,LogSeverity,Protocol,ReceivedBytes,SentBytes,SourceIP,SourcePort,TimeGenerated, DeviceExternalID, Type, _ItemId, Computer, EventResult, EventResultDetails, DvcAction, RequestURL, RequestContext, DestinationHostName, SourceHostName, SourceUserName, DestinationUserName + | project Activity,AdditionalExtensions,DestinationIP,DestinationPort,DeviceAction,DeviceInboundInterface,DeviceOutboundInterface,DeviceProduct,DeviceVersion,LogSeverity,Protocol,ReceivedBytes,SentBytes,SourceIP,SourcePort,TimeGenerated, DeviceExternalID, Type, _ItemId, Computer, EventResult, DvcAction, RequestURL, RequestContext, DestinationHostName, SourceHostName, SourceUserName, DestinationUserName, ApplicationProtocol | project-rename Url = RequestURL , UrlCategory = RequestContext @@ -72,9 +71,9 @@ ParserQuery: | , SrcInterfaceName = DeviceInboundInterface , SrcIpAddr = SourceIP , SrcPortNumber = SourcePort + , NetworkApplicationProtocol = ApplicationProtocol , DvcId = DeviceExternalID , EventUid = _ItemId - , DstHostname = DestinationHostName , SrcHostname = SourceHostName , SrcUsername = SourceUserName , DstUsername = DestinationUserName @@ -100,6 +99,7 @@ ParserQuery: | ['ad.agent']:string ) with (pair_delimiter=';', kv_delimiter='=') | parse AdditionalExtensions with * "x-forwarded-for=" HttpRequestXff:string ";" * + | invoke _ASIM_ResolveDstFQDN('DestinationHostName') | project-rename HttpReferrer = ['ad.referralurl'], HttpRequestMethod = ['ad.httpmethod'], 
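Review bot: The `//| extend EventResultDetails = "NA"` line is commented-out code rather than a removal; drop it and keep only the rationale as a plain comment, e.g. `// EventResultDetails is not set: FortiGate webfilter logs carry no HTTP status code.` Dropping the column also removes the `HttpStatusCode` alias, and the SchemaTest committed with this change records that as a level-0 error (`Missing recommended alias [HttpStatusCode] aliasing existing column [EventResultDetails]`); if the ASIM test gate treats level 0 as blocking, either state that acceptance explicitly in the PR or keep the column present but empty with `| extend EventResultDetails = ""` so the alias later in the file can stay. An empty value is preferable to the old `"NA"` literal, which would never match a status-code filter anyway. The ParserQuery block starts before and ends after this hunk.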
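Review bot: `| invoke _ASIM_ResolveDstFQDN('DestinationHostName')` presumably populates DstHostname, DstDomain, DstDomainType and DstFQDN (the helper's body is not in this diff), yet the SchemaTest added in this change still lists DstDomain and DstFQDN as missing and the DataTest reports no rows for them, which suggests the committed test output predates this hunk. Re-run the ASIM schema and data testers against the new parser and commit the fresh results, so that the 30 `DstHostname` values flagged as invalid (`mask.icloud.com` and similar, which look like ordinary hostnames) can be checked against what the resolver actually emits. The same invoke is repeated in the vim parser and should be re-tested there too.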
@@ -115,10 +115,13 @@ ParserQuery: |
 ThreatOriginalRiskLevel = FortinetFortiGatecrscore,
 SrcPackets = FortinetFortiGatesentpkt,
 DstPackets = FortinetFortiGatercvdpkt
- | parse AdditionalExtensions with * "Method=" temp_HttpRequestMethod "|User-Agent=" temp_HttpUserAgent ";" *
+ | extend
+ temp_HttpRequestMethod = extract(@"rawdata=.*?Method=(.*?)(?:\||\;|$)", 1, AdditionalExtensions),
+ temp_HttpUserAgent = extract(@"rawdata=.*?User-Agent=(.*?)(?:\||\;|$)", 1, AdditionalExtensions)
 | extend
 HttpRequestMethod = coalesce(temp_HttpRequestMethod,HttpRequestMethod),
 HttpUserAgent = coalesce(temp_HttpUserAgent,HttpUserAgent)
+ //HttpStatusCode = EventResultDetails // HTTP response codes are not included in Fortigate logs.
 | project-away temp_*
 | extend
 EventCount = int(1)
@@ -126,6 +129,7 @@ ParserQuery: |
 , EventSchemaVersion = "0.2.6"
 , EventType = "HTTPsession"
 , EventVendor = "Fortinet"
+ , EventProduct = "Fortigate"
 , DvcIdType = "Other"
 , NetworkBytes = DstBytes + SrcBytes
 , EventEndTime = TimeGenerated
@@ -148,4 +152,4 @@ ParserQuery: |
 Rule = tostring(RuleNumber)
 | project-away Protocol, AdditionalExtensions, NetworkProtocolNumber
 };
- parser (disabled=disabled)
\ No newline at end of file
+ parser (disabled=disabled)
diff --git a/Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml b/Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml
index 0dc33be848b..905718b0f7b 100644
--- a/Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml
+++ b/Parsers/ASimWebSession/Parsers/vimWebSessionFortinetFortiGate.yaml
@@ -1,7 +1,7 @@
 Parser:
 Title: Web Session ASIM filtering parser for Fortinet FortiGate
- Version: '0.1'
- LastUpdated: Nov 11th, 2023
+ Version: '0.1.1'
+ LastUpdated: Nov 4, 2024
 Product:
 Name: Fortinet FortiGate
 Normalization:
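Review bot: The new `temp_HttpUserAgent` extraction stops at the first `;`, which truncates any user agent that contains semicolons — the added sample row with `User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...` would normalize to `Mozilla/5.0 (Windows NT 10.0`, silently breaking detections and hunting keyed on HttpUserAgent. In every sample row `rawdata` is the last extension and `User-Agent` its last field, so stop only at `|`, end of string, or a following `;key=` pair: `temp_HttpUserAgent = extract(@"rawdata=.*?User-Agent=(.*?)(?:\||;[A-Za-z0-9_.-]+=|$)", 1, AdditionalExtensions)`. The DataTest committed here also shows HttpUserAgent and HttpRequestMethod empty in 100% of 30000 records, so neither new regex is exercised by the test data; add rows with `rawdata` (including one with semicolons in the agent) before relying on them. The ParserQuery block continues on both sides of this hunk, and the same extraction is duplicated in the vim parser.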
@@ -11,7 +11,7 @@ References:
 - Title: ASIM Web Session Schema
 Link: https://aka.ms/ASimWebSessionDoc
 - Title: ASIM
- Link: https:/aka.ms/AboutASIM
+ Link: https://aka.ms/AboutASIM
 - Title: web log fields
 Link: https://docs.fortinet.com/document/fortigate/7.4.0/fortios-log-message-reference/400992
 - Title: Fortinet FortiGate CEF setup
@@ -43,9 +43,6 @@ ParserParams:
 - Name: httpuseragent_has_any
 Type: dynamic
 Default: dynamic([])
- - Name: eventresultdetails_in
- Type: dynamic
- Default: dynamic([])
 - Name: eventresult
 Type: string
 Default: '*'
@@ -60,7 +57,6 @@ ParserQuery: |
 ipaddr_has_any_prefix:dynamic = dynamic([]),
 url_has_any:dynamic = dynamic([]),
 httpuseragent_has_any:dynamic = dynamic([]),
- eventresultdetails_in:dynamic = dynamic([]),
 eventresult:string = '*',
 disabled:bool = false
 ){
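Review bot: Removing `eventresultdetails_in` from ParserParams and from the function signature in the hunk below changes the filtering parser's public contract; if the unifying vimWebSession parser passes the full standard parameter set by name to every source parser (the caller is not visible in this diff), this parser will now fail with an unknown-parameter error and take the whole union down for every source. Keep the parameter declared and honour it by returning nothing when a caller filters on a field this source never carries: `eventresultdetails_in:dynamic = dynamic([]),` back in the signature, `| where array_length(eventresultdetails_in) == 0` in place of the removed filter line, and `eventresultdetails_in=eventresultdetails_in` restored in the call at the end of the file. The comment on the parameter can note that FortiGate webfilter logs carry no HTTP status code, so a non-empty filter can never match.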
@@ -110,12 +106,9 @@ ParserQuery: | "No match") | where ASimMatchingIpAddr != "No match" | project-away temp_* - | extend - EventResultDetails = "NA" - | where (array_length(eventresultdetails_in) == 0 or tostring(EventResultDetails) has_any(eventresultdetails_in)) | lookup EventLookup on DeviceAction | where (eventresult == '*' or EventResult =~ eventresult) - | project Activity,AdditionalExtensions,DestinationIP,DestinationPort,DeviceAction,DeviceInboundInterface,DeviceOutboundInterface,DeviceProduct,DeviceVersion,LogSeverity,Protocol,ReceivedBytes,SentBytes,SourceIP,SourcePort,TimeGenerated, DeviceExternalID, Type, _ItemId, Computer, EventResult, EventResultDetails, DvcAction, RequestURL, RequestContext, DestinationHostName, SourceHostName, SourceUserName, DestinationUserName, ASimMatchingIpAddr + | project Activity,AdditionalExtensions,DestinationIP,DestinationPort,DeviceAction,DeviceInboundInterface,DeviceOutboundInterface,DeviceProduct,DeviceVersion,LogSeverity,Protocol,ReceivedBytes,SentBytes,SourceIP,SourcePort,TimeGenerated, DeviceExternalID, Type, _ItemId, Computer, EventResult, DvcAction, RequestURL, RequestContext, DestinationHostName, SourceHostName, SourceUserName, DestinationUserName, ASimMatchingIpAddr, ApplicationProtocol | project-rename Url = RequestURL , UrlCategory = RequestContext @@ -132,9 +125,9 @@ ParserQuery: | , SrcInterfaceName = DeviceInboundInterface , SrcIpAddr = SourceIP , SrcPortNumber = SourcePort + , NetworkApplicationProtocol = ApplicationProtocol , DvcId = DeviceExternalID , EventUid = _ItemId - , DstHostname = DestinationHostName , SrcHostname = SourceHostName , SrcUsername = SourceUserName , DstUsername = DestinationUserName 
@@ -160,6 +153,7 @@ ParserQuery: | ['ad.agent']:string ) with (pair_delimiter=';', kv_delimiter='=') | parse AdditionalExtensions with * "x-forwarded-for=" HttpRequestXff:string ";" * + | invoke _ASIM_ResolveDstFQDN('DestinationHostName') | project-rename HttpReferrer = ['ad.referralurl'], HttpRequestMethod = ['ad.httpmethod'], @@ -175,7 +169,9 @@ ParserQuery: | ThreatOriginalRiskLevel = FortinetFortiGatecrscore, SrcPackets = FortinetFortiGatesentpkt, DstPackets = FortinetFortiGatercvdpkt - | parse AdditionalExtensions with * "Method=" temp_HttpRequestMethod "|User-Agent=" temp_HttpUserAgent ";" * + | extend + temp_HttpRequestMethod = extract(@"rawdata=.*?Method=(.*?)(?:\||\;|$)", 1, AdditionalExtensions), + temp_HttpUserAgent = extract(@"rawdata=.*?User-Agent=(.*?)(?:\||\;|$)", 1, AdditionalExtensions) | extend HttpRequestMethod = coalesce(temp_HttpRequestMethod,HttpRequestMethod), HttpUserAgent = coalesce(temp_HttpUserAgent,HttpUserAgent) @@ -187,6 +183,7 @@ ParserQuery: | , EventSchemaVersion = "0.2.6" , EventType = "HTTPsession" , EventVendor = "Fortinet" + , EventProduct = "Fortigate" , DvcIdType = "Other" , NetworkBytes = DstBytes + SrcBytes , EventEndTime = TimeGenerated @@ -209,4 +206,4 @@ ParserQuery: | Rule = tostring(RuleNumber) | project-away Protocol, AdditionalExtensions, NetworkProtocolNumber }; - parser (starttime=starttime, endtime=endtime, srcipaddr_has_any_prefix=srcipaddr_has_any_prefix, ipaddr_has_any_prefix=ipaddr_has_any_prefix, url_has_any=url_has_any, httpuseragent_has_any=httpuseragent_has_any, eventresultdetails_in=eventresultdetails_in, eventresult=eventresult, disabled=disabled) + parser (starttime=starttime, endtime=endtime, srcipaddr_has_any_prefix=srcipaddr_has_any_prefix, ipaddr_has_any_prefix=ipaddr_has_any_prefix, url_has_any=url_has_any, httpuseragent_has_any=httpuseragent_has_any, eventresult=eventresult, disabled=disabled) 
diff --git a/Parsers/ASimWebSession/Tests/Fortinet_FortiGate_ASimWebSession_DataTest.csv b/Parsers/ASimWebSession/Tests/Fortinet_FortiGate_ASimWebSession_DataTest.csv
new file mode 100644
index 00000000000..b1d8329186a
--- /dev/null
+++ b/Parsers/ASimWebSession/Tests/Fortinet_FortiGate_ASimWebSession_DataTest.csv
@@ -0,0 +1,23 @@
+Result
+"(0) Error: 30 invalid value(s) (up to 10 listed) in 29949 records (99.83%) for field [DstHostname] of type [Hostname]: [""mask.icloud.com"",""mask-h2.icloud.com"",""mask-api.icloud.com""] (Schema:WebSession)"
+"(0) Error: 30 invalid value(s) (up to 10 listed) in 29949 records (99.83%) for field [Hostname] of type [Hostname]: [""mask.icloud.com"",""mask-h2.icloud.com"",""mask-api.icloud.com""] (Schema:WebSession)"
+"(2) Info: Empty value in 1 records (0.0%) in optional field [UrlCategory] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [DstGeoCountry] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [DstPackets] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [DstUsername] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [DstZone] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [HttpReferrer] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [HttpRequestMethod] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [HttpRequestXff] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [HttpUserAgent] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [NetworkDuration] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [NetworkPackets] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [NetworkSessionId] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [RuleNumber] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [Rule] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [SrcGeoCountry] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [SrcPackets] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [SrcUsername] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [SrcZone] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in optional field [ThreatOriginalRiskLevel] (Schema:WebSession)"
+"(2) Info: Empty value in 30000 records (100.0%) in recommended field [SrcHostname] (Schema:WebSession)"
diff --git a/Parsers/ASimWebSession/Tests/Fortinet_FortiGate_ASimWebSession_SchemaTest.csv b/Parsers/ASimWebSession/Tests/Fortinet_FortiGate_ASimWebSession_SchemaTest.csv
new file mode 100644
index 00000000000..a363bdcaf9b
--- /dev/null
+++ b/Parsers/ASimWebSession/Tests/Fortinet_FortiGate_ASimWebSession_SchemaTest.csv
@@ -0,0 +1,103 @@
+Result
+"(0) Error: Missing recommended alias [HttpStatusCode] aliasing existing column [EventResultDetails]"
+"(1) Warning: Missing recommended field [ASimMatchingIpAddr]"
+"(1) Warning: Missing recommended field [DvcDomain]"
+"(1) Warning: Missing recommended field [DvcIpAddr]"
+"(1) Warning: Missing recommended field [SrcDomain]"
+"(2) Info: Missing optional alias [Hash] aliasing non-existent column [MD5|SHA1|SHA256|SHA512]"
+"(2) Info: Missing optional alias [InnerVlanId] aliasing non-existent column [SrcVlanId]"
+"(2) Info: Missing optional alias [OuterVlanId] aliasing non-existent column [DstVlanId]"
+"(2) Info: Missing optional field [AdditionalFields]"
+"(2) Info: Missing optional field [DstAppId]"
+"(2) Info: Missing optional field [DstAppName]"
+"(2) Info: Missing optional field [DstAppType]"
+"(2) Info: Missing optional field [DstDescription]"
+"(2) Info: Missing optional field [DstDeviceType]"
+"(2) Info: Missing optional field [DstDomain]"
+"(2) Info: Missing optional field [DstDvcId]"
+"(2) Info: Missing optional field [DstFQDN]"
+"(2) Info: Missing optional field [DstGeoCity]"
+"(2) Info: Missing optional field [DstGeoLatitude]"
+"(2) Info: Missing optional field [DstGeoLongitude]"
+"(2) Info: Missing optional field [DstGeoRegion]"
+"(2) Info: Missing optional field [DstInterfaceGuid]"
+"(2) Info: Missing optional field [DstMacAddr]"
+"(2) Info: Missing optional field [DstNatIpAddr]"
+"(2) Info: Missing optional field [DstNatPortNumber]"
+"(2) Info: Missing optional field [DstOriginalUserType]"
+"(2) Info: Missing optional field [DstUserId]"
+"(2) Info: Missing optional field [DstUserType]"
+"(2) Info: Missing optional field [DstVlanId]"
+"(2) Info: Missing optional field [DvcDescription]"
+"(2) Info: Missing optional field [DvcFQDN]"
+"(2) Info: Missing optional field [DvcInboundInterface]"
+"(2) Info: Missing optional field [DvcMacAddr]"
+"(2) Info: Missing optional field [DvcOutboundInterface]"
+"(2) Info: Missing optional field 
[DvcScopeId]"
+"(2) Info: Missing optional field [DvcScope]"
+"(2) Info: Missing optional field [DvcZone]"
+"(2) Info: Missing optional field [EventOriginalResultDetails]"
+"(2) Info: Missing optional field [EventOriginalSubType]"
+"(2) Info: Missing optional field [EventOriginalType]"
+"(2) Info: Missing optional field [EventOriginalUid]"
+"(2) Info: Missing optional field [EventOwner]"
+"(2) Info: Missing optional field [EventReportUrl]"
+"(2) Info: Missing optional field [EventSubType]"
+"(2) Info: Missing optional field [FileContentType]"
+"(2) Info: Missing optional field [FileMD5]"
+"(2) Info: Missing optional field [FileName]"
+"(2) Info: Missing optional field [FileSHA1]"
+"(2) Info: Missing optional field [FileSHA256]"
+"(2) Info: Missing optional field [FileSHA512]"
+"(2) Info: Missing optional field [FileSize]"
+"(2) Info: Missing optional field [HttpContentFormat]"
+"(2) Info: Missing optional field [HttpContentType]"
+"(2) Info: Missing optional field [HttpCookie]"
+"(2) Info: Missing optional field [HttpHost]"
+"(2) Info: Missing optional field [HttpIsProxied]"
+"(2) Info: Missing optional field [HttpRequestBodyBytes]"
+"(2) Info: Missing optional field [HttpRequestCacheControl]"
+"(2) Info: Missing optional field [HttpRequestHeaderCount]"
+"(2) Info: Missing optional field [HttpRequestTime]"
+"(2) Info: Missing optional field [HttpResponseBodyBytes]"
+"(2) Info: Missing optional field [HttpResponseCacheControl]"
+"(2) Info: Missing optional field [HttpResponseExpires]"
+"(2) Info: Missing optional field [HttpResponseHeaderCount]"
+"(2) Info: Missing optional field [HttpResponseTime]"
+"(2) Info: Missing optional field [HttpVersion]"
+"(2) Info: Missing optional field [NetworkConnectionHistory]"
+"(2) Info: Missing optional field [NetworkDirection]"
+"(2) Info: Missing optional field [NetworkIcmpCode]"
+"(2) Info: Missing optional field [NetworkIcmpType]"
+"(2) Info: Missing optional field [RuleName]"
+"(2) Info: Missing optional field [SrcAppId]"
+"(2) Info: Missing optional field [SrcAppName]"
+"(2) Info: Missing optional field [SrcAppType]"
+"(2) Info: Missing optional field [SrcDescription]"
+"(2) Info: Missing optional field [SrcDeviceType]"
+"(2) Info: Missing optional field [SrcDvcId]"
+"(2) Info: Missing optional field [SrcFQDN]"
+"(2) Info: Missing optional field [SrcGeoCity]"
+"(2) Info: Missing optional field [SrcGeoLatitude]"
+"(2) Info: Missing optional field [SrcGeoLongitude]"
+"(2) Info: Missing optional field [SrcGeoRegion]"
+"(2) Info: Missing optional field [SrcInterfaceGuid]"
+"(2) Info: Missing optional field [SrcMacAddr]"
+"(2) Info: Missing optional field [SrcNatIpAddr]"
+"(2) Info: Missing optional field [SrcNatPortNumber]"
+"(2) Info: Missing optional field [SrcOriginalUserType]"
+"(2) Info: Missing optional field [SrcUserId]"
+"(2) Info: Missing optional field [SrcUserType]"
+"(2) Info: Missing optional field [SrcVlanId]"
+"(2) Info: Missing optional field [ThreatCategory]"
+"(2) Info: Missing optional field [ThreatConfidence]"
+"(2) Info: Missing optional field [ThreatField]"
+"(2) Info: Missing optional field [ThreatFirstReportedTime]"
+"(2) Info: Missing optional field [ThreatId]"
+"(2) Info: Missing optional field [ThreatIpAddr]"
+"(2) Info: Missing optional field [ThreatIsActive]"
+"(2) Info: Missing optional field [ThreatLastReportedTime]"
+"(2) Info: Missing optional field [ThreatName]"
+"(2) Info: Missing optional field [ThreatOriginalConfidence]"
+"(2) Info: Missing optional field [ThreatRiskLevel]"
+"(2) Info: Missing optional field [UrlOriginal]"
diff --git a/Sample Data/ASIM/Fortinet_Fortigate_WebSession_IngestedLogs.csv b/Sample Data/ASIM/Fortinet_Fortigate_WebSession_IngestedLogs.csv
new file mode 100644
index 00000000000..18792bdb5f3
--- /dev/null
+++ b/Sample Data/ASIM/Fortinet_Fortigate_WebSession_IngestedLogs.csv
@@ -0,0 +1,31 @@ +TenantId,"TimeGenerated [UTC]",DeviceVendor,DeviceProduct,DeviceVersion,DeviceEventClassID,Activity,LogSeverity,AdditionalExtensions,DeviceAction,Protocol,ApplicationProtocol,DeviceExternalID,DeviceInboundInterface,DeviceOutboundInterface,DestinationHostName,DestinationPort,DestinationIP,DeviceName,Message,SourceIP,Computer,RequestURL,Type +"test-tenant-id","12/2/2024, 5:35:25.263 PM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0316013056,"webfilter utm passthrough",5,"start=Dec 02 2024 18:35:21;logver=700140601;vd=root;eventtime=1733160922753130687;tz=""+0100"";logid=0315012545;subtype=webfilter;eventtype=urlfilter;deviceSeverity=information;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=CONNECT|User-Agent=Mozilla/5.0 (Linux Android 10 K) AppleWebKit/537.36 (KHTML like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36",passthrough,6,HTTPS,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","accounts.google.com",443,"146.59.231.198","test-host","URL was exempted because it is in the URL filter list","192.168.1.2","test-host","https://accounts.google.com/",CommonSecurityLog +"test-tenant-id","12/9/2024, 9:54:59.935 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 10:54:58;logver=700140601;vd=root;eventtime=1733738099387945126;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United 
States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","www.google.eu",80,"142.250.200.3","test-host","URL belongs to an allowed category in policy","192.168.1.5","test-host","http://www.google.eu/",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:57.662 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:02:56;logver=700140601;vd=root;eventtime=1733738576673815547;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.65.227","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:57.662 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 
11:02:56;logver=700140601;vd=root;eventtime=1733738576673815547;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.65.227","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:57.662 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:02:56;logver=700140601;vd=root;eventtime=1733738576673815547;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.65.227","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 9:54:58.821 
AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0318012801,"webfilter utm passthrough",6,"start=Dec 09 2024 10:54:57;logver=700140601;vd=root;eventtime=1733738097548935397;tz=""+0100"";logid=0318012801;subtype=webfilter;eventtype=ftgd_err;deviceSeverity=warning;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"172.217.168.195","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 9:54:58.821 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0318012801,"webfilter utm passthrough",6,"start=Dec 09 2024 10:54:57;logver=700140601;vd=root;eventtime=1733738097548935397;tz=""+0100"";logid=0318012801;subtype=webfilter;eventtype=ftgd_err;deviceSeverity=warning;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"172.217.168.195","test-host","URL belongs to an allowed category in 
policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:20.139 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:02:18;logver=700140601;vd=root;eventtime=1733738539033428721;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=HEAD|User-Agent=Mozilla/5.0 (X11 Linux aarch64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/90.0.4430.225 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.187.195","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:01.276 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:01:58;logver=700140601;vd=root;eventtime=1733738518753360834;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 
Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","gstatic.com",80,"172.217.17.67","test-host","URL belongs to an allowed category in policy","192.168.2.10","test-host","http://gstatic.com/",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:58.897 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:02:52;logver=700140601;vd=root;eventtime=1733738577040919079;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.187.195","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:59.044 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 20:02:54;logver=700140601;vd=root;eventtime=1733738576522657421;tz=""+1000"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux 
x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.66.195","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:52.496 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:02:48;logver=700140601;vd=root;eventtime=1733738570438330090;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apple.com",80,"184.28.84.242","test-host","URL belongs to an allowed category in policy","192.168.50.2","test-host","http://apple.com/",CommonSecurityLog +"test-tenant-id","12/9/2024, 9:57:56.865 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0315012545,"webfilter utm passthrough",4,"start=Dec 09 2024 10:57:51;logver=700140601;vd=root;eventtime=1733738273866871021;tz=""+0100"";logid=0315012545;subtype=webfilter;eventtype=urlfilter;deviceSeverity=information;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United 
States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","captive.apple.com",80,"184.28.84.242","test-host","URL belongs to an allowed category in policy","192.168.7.2","test-host","http://captive.apple.com/",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:06.245 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 11:02:04;logver=700150632;vd=root;eventtime=1733738525613152583;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (Windows NT 10.0 Win64 x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","edge-http.microsoft.com",80,"13.107.6.158","test-host","URL belongs to an allowed category in policy","192.168.70.8","test-host","http://edge-http.microsoft.com/captiveportal/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 10:02:58.897 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 
11:02:52;logver=700140601;vd=root;eventtime=1733738577040919079;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","connectivitycheck.gstatic.com",80,"142.250.187.195","test-host","URL belongs to an allowed category in policy","192.168.1.2","test-host","http://connectivitycheck.gstatic.com/generate_204",CommonSecurityLog +"test-tenant-id","12/9/2024, 9:54:59.935 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 10:54:58;logver=700140601;vd=root;eventtime=1733738099387945126;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","www.google.eu",80,"142.250.200.3","test-host","URL belongs to an allowed category in policy","192.168.1.5","test-host","http://www.google.eu/",CommonSecurityLog +"test-tenant-id","12/9/2024, 9:54:59.935 AM",Fortinet,"FortiGate-101E","7.0.14,build0601 
(GA)",0317013312,"webfilter utm passthrough",5,"start=Dec 09 2024 10:54:58;logver=700140601;vd=root;eventtime=1733738099387945126;tz=""+0100"";logid=0317013312;subtype=webfilter;eventtype=ftgd_allow;deviceSeverity=notice;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;rawdata=Method=GET|User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",passthrough,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","www.google.eu",80,"142.250.200.3","test-host","URL belongs to an allowed category in policy","192.168.1.8","test-host","http://www.google.eu/",CommonSecurityLog + +"test-tenant-id","1/17/2025, 12:42:44.113 PM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0316013056,"webfilter utm blocked",6,"start=Jan 17 2025 13:42:39;logver=700140601;vd=root;eventtime=1737117762101183062;tz=""+0100"";logid=0316013056;subtype=webfilter;eventtype=ftgd_blk;deviceSeverity=warning;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=Ireland;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;method=domain;rawdata=Method=GET|User-Agent=Dalvik/2.1.0 (Linux U Android 11 SM-G398FN Build/RP1A.200720.012)",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","vas.samsungapps.com",80,"54.171.6.170","test-host","URL belongs to a denied category in 
policy","192.168.1.123","test-host","http://vas.samsungapps.com/stub/stubUpdateCheck.as?appId=com.samsung.android.timezone.data_R&callerId=com.samsung.android.timezone.updater",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:44:04.992 PM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0316013056,"webfilter utm blocked",6,"start=Jan 17 2025 13:44:02;logver=700140601;vd=root;eventtime=1737117843843068354;tz=""+0100"";logid=0316013056;subtype=webfilter;eventtype=ftgd_blk;deviceSeverity=warning;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;method=domain;rawdata=Method=GET|User-Agent=User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","members.dyndns.org",80,"147.154.111.115","test-host-1","URL belongs to a denied category in policy","192.168.10.3","test-host-1","http://members.dyndns.org/nic/update?",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:43:17.795 PM",Fortinet,"FortiGate-101E","7.0.14,build0601 (GA)",0316013056,"webfilter utm blocked",6,"start=Jan 17 2025 13:43:13;logver=700140601;vd=root;eventtime=1737117793266256995;tz=""+0100"";logid=0316013056;subtype=webfilter;eventtype=ftgd_blk;deviceSeverity=warning;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=Italy;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;method=domain;rawdata=Method=GET|User-Agent=Dalvik/2.1.0 (Linux U Android 10 Infinix X657C 
Build/QP1A.190711.020)",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","cdn2.palmplaystore.com",80,"108.156.2.5","test-host","URL belongs to a denied category in policy","192.168.10.2","test-host","http://cdn2.palmplaystore.com/static/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:43:13.541 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:43:11;logver=700140601;vd=root;eventtime=1737117791693404190;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apresolve.spotify.com",80,"35.186.224.24","test-host-0","URL was blocked because it is in the URL filter list","192.168.10.10","test-host-0","http://apresolve.spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:41:00.517 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:40:58;logver=700140601;vd=root;eventtime=1737117659303179290;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local 
URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apresolve.spotify.com",80,"35.186.224.24","test-host","URL was blocked because it is in the URL filter list","192.168.11.2","test-host","http://apresolve.spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:41:00.517 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:40:58;logver=700140601;vd=root;eventtime=1737117659303179290;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apresolve.spotify.com",80,"35.186.224.24","test-host","URL was blocked because it is in the URL filter list","192.168.11.2","test-host","http://apresolve.spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:41:00.517 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:40:58;logver=700140601;vd=root;eventtime=1737117659303179290;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United 
States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apresolve.spotify.com",80,"35.186.224.24","test-host","URL was blocked because it is in the URL filter list","192.168.11.2","test-host","http://apresolve.spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:41:00.517 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:40:58;logver=700140601;vd=root;eventtime=1737117659303179290;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apresolve.spotify.com",80,"35.186.224.24","test-host","URL was blocked because it is in the URL filter list","192.168.11.2","test-host","http://apresolve.spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:44:45.476 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 
13:44:42;logver=700140601;vd=root;eventtime=1737117883815016430;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","spotify.com",80,"35.186.224.24",test-host,"URL was blocked because it is in the URL filter list","192.168.1.125","test-host","http://spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:44:03.717 PM",Fortinet,"FortiGate-101F","7.0.14,build0601 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:44:01;logver=700140601;vd=root;eventtime=1737117842461868550;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=United States;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=GET",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","apresolve.spotify.com",80,"35.186.224.24","test-host","URL was blocked because it is in the URL filter list","192.168.2.126","test-host","http://apresolve.spotify.com/",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:45:34.181 PM",Fortinet,"FortiGate-101E","7.0.15,build0632 (GA)",0315012544,"webfilter utm 
blocked",6,"start=Jan 17 2025 13:45:32;logver=700150632;vd=root;eventtime=1737117933643454960;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=Germany;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=POST|Request-Content-Type=application/x-www-form-urlencoded|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 Safari/537.36",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","global.quickconnect.to",80,"3.79.215.191","test-host-2","URL was blocked because it is in the URL filter list","192.168.70.123","test-host-2","http://global.quickconnect.to/Serv.php",CommonSecurityLog +"test-tenant-id","1/17/2025, 12:45:34.181 PM",Fortinet,"FortiGate-101E","7.0.15,build0632 (GA)",0315012544,"webfilter utm blocked",6,"start=Jan 17 2025 13:45:32;logver=700150632;vd=root;eventtime=1737117933643454960;tz=""+0100"";logid=0315012544;subtype=webfilter;eventtype=urlfilter;deviceSeverity=warning;urlfilteridx=1;urlfilterlist=filterlist;policyid=000;poluuid=00000000-0000-0000-0000-000000000000;policytype=policy;externalID=000000000;srccountry=Reserved;srcintfrole=lan;srcuuid=00000000-0000-0000-0000-000000000000;dstcountry=Germany;dstintfrole=wan;dstuuid=00000000-0000-0000-0000-000000000000;profile=Webfilter;reqtype=direct;direction=outgoing;urlsource=Local URLfilter Block;crscore=30;craction=8;crlevel=high;rawdata=Method=POST|Request-Content-Type=application/x-www-form-urlencoded|User-Agent=Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/60.0.3112.32 
Safari/537.36",blocked,6,HTTP,"test-fortigate-device","test-inbound-vlan","test-outbound-vlan","global.quickconnect.to",80,"3.79.215.191","test-host-2","URL was blocked because it is in the URL filter list","192.168.70.123","test-host-2","http://global.quickconnect.to/Serv.php",CommonSecurityLog