Change log for ARUBA_CENTRAL
Date
Changes
2025-03-24
Enhancement:
- Added support for parsing the JSON log format.
- Mapped "id" to "metadata.product_log_id".
- Mapped "cid" to "principal.user.product_object_id".
- Mapped "alert_type" to "metadata.product_event_type".
- Mapped "device_id" to "principal.user.userid".
- Mapped "details.user" to "principal.user.userid".
- Mapped "details.group_name" to "principal.group.group_display_name".
- Mapped "details.config_change" to "security_result.summary".
- Mapped "description" to "security_result.description".
- Mapped "target_userid" to "target.user.userid".
- Mapped "target_mac" to "target.mac".
- Mapped "princ_mac" to "principal.mac".
- Mapped "network_ssid" to "network.session_id".
- Mapped "cluster_hostname" to "principal.hostname".
- Mapped "timestamp" to "metadata.event_timestamp".
- Mapped "__base_url" to "metadata.url_back_to_product".
- Mapped "state" to "security_result.detection_fields".
- Mapped "nid", "setting_id", "details.dev_type", "webhook" and "operation" to "additional.fields".
- Mapped "details.group" to "principal.group.product_object_id".
- Mapped "details.labels" to "security_result.about.labels".
- If "severity" is "CRITICAL" or "MAJOR", mapped "severity" as "CRITICAL" to "security_result.severity".
- Added a conditional check: if "alert_type" is "DEVICE_CONFIG_CHANGE_DETECTED", map "event_type" to "USER_RESOURCE_UPDATE_CONTENT".
- Enhanced the validation checks for "datetime", "host", "app", "pid", "desc", "userid", "amm" and "event_data" before mapping them.
2024-12-05
Newly created parser.
Last updated 2025-08-29 UTC.