FortiWeb Elasticsearch Integration

Elasticsearch
FortiWeb is a web application firewall produced by Fortinet. Unlike FortiGate, FortiMail, FortiClient, FortiAnalyzer and the other FortiOS-based products, FortiWeb still has no effective integration package in Elasticsearch 8.5. We tried all of the Fortinet integration packages, but they only parsed the traffic logs; the attack logs stayed unparsed. The best practice is therefore to configure FortiWeb's syslog settings to send its logs to Elasticsearch in CEF format and, on the Elastic side, use the CEF integration to parse the FortiWeb logs.
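To check that attack events survive the CEF path with their header and extension fields intact, it helps to see how a CEF record is split. The following is an added example, not code from the original post or from Fortinet or Elastic: a minimal CEF parser run over a constructed sample line, where the vendor, product, signature id, severity and extension keys are assumptions for the demo rather than FortiWeb's documented output.

```python
import re

# Constructed sample (not real FortiWeb output): a syslog line carrying one CEF
# attack record, with an escaped '|' in the header and '\=' / '\\' in extensions.
SAMPLE_LINE = (
    "<134>Mar 10 12:00:00 waf01 CEF:0|Fortinet|FortiWeb|7.0.0|20000010|"
    "SQL Injection \\| Signature Match|8|src=203.0.113.10 spt=51234 "
    "dst=192.0.2.20 dpt=443 requestMethod=GET request=/login.php?id\\=1 "
    "act=Alert msg=Parameter value matched rule UNION\\\\SELECT"
)
HEADER_KEYS = ("cef_version", "device_vendor", "device_product",
               "device_version", "signature_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.-]+)=")  # unescaped 'key=' markers
_EXT_ESC = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}

def split_cef_header(record):
    """Return the 7 header fields (with \\| and \\\\ decoded) and the raw extension."""
    start = record.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: prefix in record")
    body = record[start + 4:]
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            buf.append(body[i + 1]); i += 2; continue   # keep escaped char literally
        if ch == "|":
            fields.append("".join(buf)); buf = []       # unescaped pipe ends a field
        else:
            buf.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return fields, body[i:]

def parse_cef_extension(ext):
    """Split on unescaped 'key=' markers (values may contain spaces) and decode escapes."""
    marks = list(_EXT_KEY.finditer(ext))
    out = {}
    for n, m in enumerate(marks):
        end = marks[n + 1].start() if n + 1 < len(marks) else len(ext)
        out[m.group(1)] = re.sub(r"\\([\\=nr])", lambda e: _EXT_ESC[e.group(1)], ext[m.end():end])
    return out

def parse_cef(record):
    fields, ext = split_cef_header(record)
    event = dict(zip(HEADER_KEYS, fields))
    event["severity"] = int(event["severity"]) if event["severity"].isdigit() else event["severity"]
    event["extensions"] = parse_cef_extension(ext)
    return event
```

Running a few captured FortiWeb attack lines through `parse_cef` before onboarding is a quick way to confirm they carry all seven header fields, since a malformed header is the usual reason the Elastic CEF integration leaves an event unparsed.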