Change log for CATO_NETWORKS

Date Changes
2024-12-20
- When the "action" value is "MONITOR", "ALERT", "SUCCEEDED", "ALLOW", or "WHITELIST", mapped "sr_action" to "ALLOW".
- When the "action" value is "BLOCK" or "ACCESS_DENIED", mapped "sr_action" to "BLOCK".
- When the "action" value is "FAILED", mapped "sr_action" to "FAIL".
- When the "action" value is "PROMPT", mapped "sr_action" to "CHALLENGE".
- When there is no "action" value, mapped "sr_action" to "UNKNOWN_ACTION".
2024-11-15 Enhancement -
- When the "action" value is "Monitor", "Alert", or "Succeeded", mapped "security_result.action" to "ALLOW".
- When the "action" value is "Block" or "BLOCK", mapped "security_result.action" to "BLOCK".
2024-01-26 Enhancement -
- Mapped "dest_port" to "target.port".
- Mapped "os_type" to "principal.platform".
- Mapped "pop_name" to "additional.fields".
- Mapped "domain_name" to "principal.administrative_domain".
- Mapped "account_id" to "target.user.userid".
- Mapped "event_sub_type" to "metadata.description".
- Mapped "rule_name" to "security_result.rule_name".
- Mapped "rule_id" to "security_result.rule_id".
- Mapped "user_id" to "principal.user.userid".
- Mapped "http_host_name" to "principal.hostname" and "principal.asset.hostname".
- Mapped "src_site_name", "event_type", "event_count", "dns_name", "insertionDate", "action", "subnet_name", "internalId", "src_site", "categories", "app_stack", "custom_categories", "ISP_name", and "rule" to "additional.fields".
- Mapped "src_country_code" to "principal.resource.attribute.labels".
- Mapped "dest_country_code" to "target.resource.attribute.labels".
- Mapped "src_is_site_or_vpn" and "is_sanctioned_app" to "security_result.detection_fields".
- Mapped "src_isp_ip" and "src_ip" to "src.ip" and "src.asset.ip".
- Mapped "application" to "principal.application".
- Mapped "ip_protocol" to "network.ip_protocol".
- Mapped "src_country" and "sourceCountry" to "principal.location.country_or_region".
- Mapped "dest_country" to "target.location.country_or_region".
- Mapped "tar_ip" and "dest_ip" to "target.ip" and "target.asset.ip".
- Mapped "prin_ip" to "principal.ip" and "principal.asset.ip".
2023-05-19 Enhancement -
- Added support for new logs by mapping all fields under 'fieldsMap'.
- Refactored code wherever possible.