Change log for AZURE_NSG_FLOW
Date
Changes
2025-01-23
Enhancement:
- Added "gsub" to parse a new type of log.
- Mapped "record_flowLogGUID" to "metadata.product_log_id".
- Mapped "flow_aclID", "record_flowLogResourceID" to "security_result.detection_fields".
- Mapped "record_flowLogVersion" to "metadata.product_version".
- When "record_flowLogVersion" is "4", mapped "trafficDecision_value" to "additional.fields".
- When "record_flowLogVersion" is "4", mapped "flowstate" to "security_result.action".
2025-01-16
Enhancement:
- Changed "match" mapping from "record.time" to "time".
2024-11-26
Enhancement:
- Added support for new format of JSON logs.
2022-04-18
Enhancement:
- Added mappings for principal.ip in place of src.ip.
Last updated 2025-03-13 UTC.