I don't believe this is possible. An address group is a logical grouping of address objects on the FortiGate. Traffic and security logs generated by the FortiGate will only include IP and/or domain name of specific entries contained within the address group but will not make reference to the address group. Therefore I don't see how FAZ would be able to utilize the address group in filtering logs.
Do you know if there is a way to group subnets in the filter? Or what the limitation would be to include multiple subnets in one 'Source IP' filter?
Note that I have been trying to run the reports on multiple Policy ID's instead (is there also a limit?) and what exactly is the difference between: policyid | policy_id | poluuid? I see different results when running each one as a filter so I thought using the Address Group would fix this problem for me.. (Screenshot below for comparison)
Thank you in advance for your assistance, Kind Regards
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.