Stay organized with collections
Save and categorize content based on your preferences.
Change log for ARUBA_EDGECONNECT_SDWAN
Date
Changes
2024-06-10
Enhancement:
- Added a Grok pattern to parse the new pattern of SYSLOG format logs.
- Mapped "summary" to "security_result.summary".
- Mapped "userid" to "principal.user.userid".
- Mapped "hostname" to "target.hostname" and "target.asset.hostname".
- Mapped "command" to "principal.process.command_line".
- Mapped "principal_ip" to "principal.asset.ip" and "principal.asset.ip".
- When "userid", "hostname" are present, and "description" is nearly equal to "login", then set "metadata.event_type" to "USER_LOGIN".
- When "principal_present" is true, then set "metadata.event_type" to "STATUS_UPDATE".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["This document outlines the change log for ARUBA_EDGECONNECT_SDWAN, detailing updates and enhancements."],["On June 10, 2024, a new Grok pattern was added to parse SYSLOG format logs, alongside several field mappings such as \"summary\" to \"security_result.summary\" and \"userid\" to \"principal.user.userid\"."],["The June 2024 update includes setting \"metadata.event_type\" to \"USER_LOGIN\" when specific conditions related to user login are met, and to \"STATUS_UPDATE\" when \"principal_present\" is true."],["The parser for this system was newly created as of May 3, 2023."]]],[]]
