Multiple rules require updating to include the latest recommended Fortigate connector

[FJSte]

The Azure Sentinel solution Network Session Essentials analytic rule PortScan.yaml uses the deprecated Fortinet connector (connectorId: Fortinet) as a data source instead of the recommended FortinetAma connector. The FortinetAma connector (connectorId: FortinetAma) is available and should be used instead.

https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Session%20Essentials/Analytic%20Rules/PortScan.yaml

Only contains the deprecated connector as a data source

• connectorId: Fortinet
  dataTypes:
  • CommonSecurityLog

and not the recommended data connector

• connectorId: FortinetAma
  dataTypes:
  • CommonSecurityLog

From https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Fortinet%20FortiGate%20Next-Generation%20Firewall%20connector%20for%20Microsoft%20Sentinel/Data%20Connectors/template_Fortinet-FortiGateAma.json

I assume that there will be multiple analytics rules missing the now recommended connectorId: FortinetAma (47 files are currently reffering to the deprecated version) and 0 the newer connector.

[v-rusraut]

Hi @FJSte , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

[v-shukore]

Hi @FJSte, our team is currently working to fix this issue, but there is no ETA at the moment. Therefore, we are closing this issue. If you still need support, you can reopen the issue at any time. Thanks!