Change log for AIRWATCH
Date | Changes |
---|---|
2024-11-15 | Enhancement:
- Added Grok patterns for new types of logs. |
2024-10-17 | Enhancement:
- Added support for new types of logs. |
2024-10-07 | Enhancement:
- Added support for new type of logs. |
2024-09-23 | Enhancement:
- Added support to parse unparsed logs. |
2024-06-25 | Enhancement:
- Fixed the Grok pattern to map "username" to "principal.user.user_display_name". - Mapped "device_type" to "additional.fields". - Added the Grok patterns for new type of logs. |
2023-09-05 | Bug Fix:
- Added a Grok pattern to parse dropped logs. |
2023-05-05 | Bug Fix-
- Modified Grok pattern to parse dropped logs. |
2023-04-26 | Bug Fix-
- Added support for different type of syslog formatted logs. |
2022-12-27 | Bug Fix-
- Added support for different type of Syslog Format logs. - Added specific conditional checks to handle multiple 'event_name'. |
2022-09-02 | Enhancement-
- Wrote grok to parse the unparsed ccf format logs. |
2022-06-29 | Enhancement- Parsed log with event_name as "MergeGroupCompletedEvent"
- mapped "GroupManagementData" to "security_result.description". - mapped "EventSource", "EventModule" to "event.idm.read_only_udm.additional.fields". - mapped "cat" to "security_result.category_details". - modified "event.idm.read_only_udm.metadata.event_type" from "GENERIC_EVENT" to "USER_UNCATEGORIZED" in case either of "principal.user.userid" or "target.user.userid" is present. |
2022-06-20 | Enhancement- Event Category mapped to _udm.additional.fields(event_category)
Added event type GENERIC_EVENT for SecurityInformation, SecurityInformationConfirmed(event_name) to handle unparse log |