Change log for AKAMAI_WAF
| Date | Changes |
|---|---|
| 2025-04-29 | Enhancement:
- Added a for loop for field "ftechWithSub". - Added a Grok pattern for field "fecthdata". - `event.idm.read_only_udm.principal.ip`: Newly mapped "princip_ip" raw log field with event.idm.read_only_udm.principal.ip and event.idm.read_only_udm.principal.asset.ip UDM field. - `event.idm.read_only_udm.principal.hostname`: Newly mapped "princip_host" raw log field with event.idm.read_only_udm.principal.hostname and event.idm.read_only_udm.principal.asset.hostname UDM field. - `event.idm.read_only_udm.network.tls.version`: Newly mapped "tls_Version" raw log field with event.idm.read_only_udm.network.tls.version UDM field. - `event.idm.read_only_udm.target.url`: Newly mapped "req_Path" raw log field with event.idm.read_only_udm.target.url UDM field. - `event.idm.read_only_udm.network.http.method`: Newly mapped "res_method" raw log field with event.idm.read_only_udm.network.http.method UDM field. - `event.idm.read_only_udm.network.http.response_code`: Newly mapped "rescode" raw log field with event.idm.read_only_udm.network.http.response_code UDM field. - `event.idm.read_only_udm.target.application`: Newly mapped "rsp_contenttype" raw log field with event.idm.read_only_udm.target.application UDM field. - `event.idm.read_only_udm.network.session_id`: Newly mapped "reqid" raw log field with event.idm.read_only_udm.network.session_id UDM field. - `event.idm.read_only_udm.network.application_protocol`: Newly mapped "protocol" raw log field with event.idm.read_only_udm.network.application_protocol UDM field for HTTPS. |
| 2025-01-06 | Enhancement:
-Mapped "httpMessage.status" to "network.http.response_code". -Mapped "httpMessage.requestId to "network.session_id". -Mapped "attackData.ruleTags" to "security_result.rule_set". -Mapped "httpMessage.method" to "network.http.method". -Mapped "httpMessage.bytes" to "network.received_bytes". -Mapped "httpMessage.port" to "target.port". -Added a Grok pattern to parse "httpMessage.requestHeaders". -Mapped "httpMessage.requestHeaders" to "security_result.detection_fields". -Mapped "httpMessage.query" to "security_result.detection_fields" -Mapped "httpMessage.tls" to "network.tls.version". -Mapped "version" to "metadata.product_version". -Mapped "format" to "additional.fields". -Mapped "httpMessage.protocol" to "network.application_protocol". -Mapped "attackData.ruleMessages" to "security_result.description". -Mapped "attackData.clientIP" to "principal.ip" and "principal.asset.ip". -Mapped "httpMessage.path" to "target.url". -Mapped "httpMessage.host" to "principal.hostname" and "principal.asset.hostname". -Mapped "attackData.rules" to "security_result.rule_name". -Mapped "attackData.ruleActions" to "security_result.action_details". -Mapped "attackData.policyId" to "security_result.rule_id". -Mapped "attackData.configId" to "additional.fields". -Mapped "geo.country" to "principal.location.country_or_region". -Mapped "geo.city" to "principal.location.city". -Mapped "httpMessage.start" to "metadata.event_timestamp". |
| 2024-12-27 | Enhancement:
- Mapped "httpMessage.requestHeaders" and "httpMessage.responseHeaders" to "security_result.detection_fields". - Mapped "geo.redgionCode" and "geo.continent" to "principal.resource.attribute.labels". |
| 2024-09-10 | Enhancement
- Mapped "attackData.ruleActions" to "security_result.action_details". |
| 2024-05-21 | Enhancement
- Mapped "rules.data" to "security_result.detection_fields". - Mapped "rules.action", "rules.selector", and "rules.version" to "security_result.action_details". - Mapped "rules.id" to "security_result.rule_id", - Mapped "rules.tag" to "security_result.category_details". - Mapped "rules.message" to "security_result.threat_name". |
| 2024-03-01 | Enhancement
- Mapped "attackData.configId" to "metadata.product_log_id" and "security_result.detection_fields". |
| 2023-10-27 | Enhancement
- Mapped "rule.id" to "security_result.rule_id". - When "httpMessage.host" is not present, changed value set in "metadata.event_type" from "NETWORK_HTTP" to "GENERIC_EVENT". - Added support to parse "attackData" when "attackData.rules" is an array. |
| 2023-04-24 | Enhancement
- Parsed logs ingested in CEF format. |
| 2023-04-04 | Enhancement
- Mapped 'reqHost' to 'target.hostname'. - Mapped 'reqPort' to 'target.port'. - Mapped 'reqPath' to 'target.url'. - Mapped 'reqId' to 'network.session_id'. - Mapped 'statusCode' to 'network.http.response_code'. - Mapped 'reqMethod' to 'network.http.method'. - Mapped 'UA' to 'network.http.user_agent'. - Mapped 'bytes' to 'network.sent_bytes'. - Mapped 'reqMethod' to 'network.http.method'. - Parsed failing logs in syslog format. - Added condition checks for 'attackData.rules' for proper parsing. - Modified 'metadata.event_type' to 'NETWORK_HTTP' from 'STATUS_UPDATE' wherever possible. |
| 2022-11-07 | Enhancement
- update SecurityRules to check ["-"] also in data. |
| 2022-08-12 | Enhancement
- Mapped "security_policy_id" to security_result.rule_name. - Mapped "non_deny_rules" to security_result.about.resource.attribute.labels. - Mapped "deny_rule_format" to security_result.about.resource.attribute.labels. |
| 2022-06-14 | Enhancement-
Mapped proto to security_result.summary. Mapped securityRules to security_result.rule_name. Mapped city to principal.location.city. Mapped country to principal.location.country_or_region. Mapped cliIP to principal.ip. Mapped cp to event.idm.read_only_udm.additional.fields. Mapped reqId to metadata.product_log_id. Mapped rspContentType to target.file.mime_type. Mapped state to target.user.personal_address.state. Mapped version to principal.asset.software.version. |
| 2022-06-14 | Enhancement-
Mapped proto to security_result.summary. Mapped securityRules to security_result.rule_name. Mapped city to principal.location.city. Mapped country to principal.location.country_or_region. Mapped cliIP to principal.ip. Mapped cp to event.idm.read_only_udm.additional.fields. Mapped reqId to metadata.product_log_id. Mapped rspContentType to target.file.mime_type. Mapped state to target.user.personal_address.state. Mapped version to principal.asset.software.version. |
| 2022-03-23 | Bugfix-Fix for failed to parse data with all match patterns.
Added mappings for new fields. eventId mapped to metadata.product_log_id. eventDefinitionId mapped to target.resource.product_object_id. eventDescription mapped to metadata.description. eventName mapped to metadata.product_event_type. eventTypeName mapped to additional.fields. eventTypeId mapped to additional.fields. eventData mapped to additional.fields. |