When a user has web applications in the WAF configuration of FortiAppSec Cloud, it is wanted to configure exporting attack logs to a log server by accessing Log Settings -> Attack Log Export -> Add Log Server. However, the Export Options may not be able to be changed:

This is related to the user which access to FortiAppSec Cloud management, specifically with the IAM user read/write permissions for FortiAppSec Cloud settings. This can be checked by accessing FortiCloud with the master user account and then going to Services -> Assets & Accounts -> IAM:

Select the IAM user that has access to FortiAppSec Cloud in Users:

Check the FortiAppSec Cloud permissions in the configured Permission Profile and use for this user. Resource 'WAF - Settings' should be in 'Read & Write':

To change this setting, go to Permission Profiles and choose the used Profile:

Select 'Edit' to modify the permissions:

Go to 'FortiAppSec Cloud' and in 'WAF - Settings' select 'Read & Write'. When it's ready, select 'Update.':

Access again to FortiAppSec Cloud. All Log parameters (Log Format, Log Severity, and Log Facility) in Export options should be able to be changed:

If the user has the 'WAF - Settings' permissions in 'Read & Write' and still cannot modify the Log parameters, open a TAC support ticket to check the situation.