Change log for ARUBA_SWITCH
Date | Changes |
---|---|
2025-08-21 | Enhancement:<br>- Added a Grok pattern to parse new pattern of logs.<br>- event.idm.read_only_udm.principal.ip and event.idm.read_only_udm.principal.asset.ip: Newly mapped `hostname` raw log field with `event.idm.read_only_udm.principal.ip` and `event.idm.read_only_udm.principal.asset.ip` UDM fields.<br>- event.idm.read_only_udm.additional.fields: Newly mapped `log_id`, `priority` and `facility` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.<br>- Modified `sys_time` date pattern to support new pattern of timestamp. |
2025-05-26 | Enhancement:<br>- Added grok patterns to support new pattern of SYSLOG logs.<br>- event.idm.read_only_udm.security_result.action_details: Newly mapped `status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM field.<br>- Changed `event_type` from `NETWORK_CONNECTION` to `STATUS_UPDATE` when target machine data is not available.<br>- Added support for new pattern of timestamp.<br>- Added a grok pattern to parse new pattern of description field.<br>- Modified the `if` condition for `user_id` raw_field.<br>- Removed the setting of `has_target` as `true`, if there is no target machine data. |
2024-11-14 | Enhancement:<br>- Mapped "severity" to "security_result.severity". |
2024-10-29 | Enhancement:<br>- Modified grok pattern to parse "severity" and "amm" fields. |
2024-10-16 | Enhancement:<br>- Added support for new format of SYSLOG logs.<br>- Changed mapping of "userid" from "principal.user.userid" to "target.user.userid".<br>- Based on the log description, set "metadata.event_type" as "USER_LOGIN" or "USER_LOGOUT" or "NETWORK_CONNECTION".<br>- Based on the log description, set "security_result.action" as "ALLOW" or "BLOCK". |
2024-09-17 | Enhancement:<br>- Added support for a new pattern of SYSLOG logs. |
2024-04-18 | - Newly created parser. |