Fortinet FortiGate WebSession Parsers Parsing Fix & Additions

[t-pol]

Required items, please complete

Change(s):

• Update kql ASimWebSessionFortinetFortiGate.yaml
• Update kql vimWebSessionFortinetFortiGate.yaml

Reason for Change(s):

• When there is no User Agent string in AdditionalExtensions, the parsing of HttpRequestMethod fails.
  Incorrect parsing of HttpRequestMethod and HttpUserAgent.
  

• Adding NetworkApplicationProtocol field in the project-rename. (Optional field in the parser, but it exists in FortiGate logs)

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• No

[t-pol]

@microsoft-github-policy-service agree

[v-atulyadav]

Hi @t-pol,
PR is having validation failures please check. Thanks

[v-atulyadav]

Hi @t-pol,
Please investigate the failed validations. Thanks

[t-pol]

The issues have been fixed. Thanks

[v-atulyadav]

Thanks @t-pol.

[t-pol]

Hello, is there any feedback regarding the parser ?

[Alekhya0824]

can you please add tester files after testing
this is the documentation to add schema tester and data tester https://learn.microsoft.com/en-us/azure/sentinel/normalization-develop-parsers#test-parsers
These schema tester and data tester files can add under Tests files

[v-atulyadav]

Hi @t-pol, please check above comments from @Alekhya0824 and act accordingly. Thanks

[v-atulyadav]

Hi @t-pol,
Please respond on above asks. Thanks

[t-pol]

Results of tests have been uploaded. Thanks

[v-atulyadav]

Thanks @t-pol.

[t-pol]

Hello, is there any feedback regarding the parser ?

[vakohl]

hi @t-pol We have made some changes to our github validation script, can you please pull latest changes from upstream repo?

[t-pol]

The changes have been merged.

[t-pol]

Hello @vakohl , Is there any feedback regarding this ?

[vakohl]

Hello @vakohl , Is there any feedback regarding this ?

Hi @t-pol , thanks for the change suggestion. We'll add the change you suggested along with few other minor corrections. Please see my comments

[v-atulyadav]

Hi @t-pol,
Kindly review the comments provided by @vakohl above and take the necessary actions. Thanks

[v-atulyadav]

Hi @t-pol,
I would appreciate it if you could assess the remarks made by @vakohl above and implement the necessary measures. Thanks

[vakohl]

@t-pol Can you please help attaching sample data for the parser? You can anonymize data before uploading

[vakohl]

@t-pol Can you please help attaching sample data for the parser? You can anonymize data before uploading

Validations are failing due to this

[v-atulyadav]

Hi @t-pol,
We are looking forward to receiving an update on this PR. Thanks

[v-atulyadav]

Hi @t-pol,
We are keen to hear any updates concerning this PR. Thanks