Change log for CISCO_ESTREAMER
Date
Changes
2025-02-13
Enhancement:
- Changed mapping for "request" from "network.http.referral_url" to "target.url".
- Added a new Grok pattern to handle edge cases for parsing domain name from "request".
2024-11-28
Enhancement:
- Changed the mapping of "hostname" from "principal.hostname" to "intermediary.hostname".
- Changed the mapping of "dvchost" from "target.hostname" to "intermediary.hostname".
- Mapped "destinationDnsDomain" to "target.hostname" and "target.asset.hostname".
- Added event_types "NETWORK_HTTP", "NETWORK_DHCP", and "NETWORK_DNS".
2024-06-21
Enhancement:
- Mapped "app" to "network.application_protocol".
2024-06-20
Enhancement:
- Mapped "request" to "network.http.referral_url".
- Mapped "fsize" to "target.file.size".
- Mapped "fileHash" to "target.file.sha256".
- Mapped "fileType" to "target.file.mime_type".
- Mapped "fname" to "target.file.full_path".
- Mapped "deviceExternalId" to "principal.asset.asset_id".
- Mapped "network.direction" to "OUTBOUND" if "deviceDirection" is equal to "1", and to "INBOUND" if "deviceDirection" is equal to "0".
- Mapped "app" to "network.application_protocol".
- Mapped "destinationDnsDomain" to "network.dns.questions.name".
- Mapped "outcome" to "security_result.summary".
- Mapped "security_result.action" to "BLOCK" if "act" is equal to "Malware Block".
Last updated 2025-03-13 UTC.