Change log for AWS_NETWORK_FIREWALL
Date | Changes |
---|---|
2025-03-12 | - Added support for new JSON log format.
- Mapped "Connection_info.Protocol_num" to "network.ip_protocol".
- Mapped "Activity_id" to "metadata.product_log_id".
- Mapped "Activity_id", "Activity_name" to "metadata.product_event_type".
- Mapped "Tls.Version" to "network.tls.version".
- Mapped "Unmapped.Sni" to "network.tls.client.server_name".
- Mapped "Metadata.Version" to "metadata.product_version".
- Mapped "Connection_info.Uid", "Metadata.Product.Feature.Name", "Unmapped.App_proto", "Unmapped.Rev", "Unmapped.Category", "Unmapped.Tls_inspected", "Unmapped.Signature_id", "Metadata.Profiles", "Class_name", and "Class_uid" to "additional.fields".
- Mapped "Unmapped.Suricata_severity" to "security_result.severity_details".
- Mapped "Unmapped.Action" to "security_result.action".
- Mapped "Src_endpoint.Ip" to "principal.ip" and "principal.asset.ip".
- Mapped "Dst_endpoint.Ip" to "target.ip" and "target.asset.ip".
- Mapped "Src_endpoint.Port" to "principal.port".
- Mapped "Dst_endpoint.Port" to "target.port".
- Mapped "sr_action" to "security_result.action".
- Mapped "Category_name" to "security_result.category_details".
- Mapped "Category_uid" to "security_result.category_details".
- Mapped "Severity" to "security_result.severity_details".
- Mapped "Type_uid" to "security_result.detection_fields". |
2024-11-28 | - Added support for new JSON log format.
- Changed mapping of "firewall_name" field from "metadata.product_event_type" to "target.resource.attribute.labels". |
2023-05-05 | - Newly created parser. |