Change log for CISCO_FIRESIGHT
Date | Changes |
---|---|
2024-06-25 | Enhancement:<br>- Added a Grok pattern to parse the new format logs.<br>- If the value of the field "sec_severity" is similar to "error", then set the value of the field "security_result.severity" to "ERROR".<br>- Mapped "sec_desc" to "sec_result.description".<br>- Mapped "app" to "principal.application".<br>- Mapped "summary" to "sec_result.summary". |
2024-06-05 | Enhancement:<br>- Parsed previously unparsed syslogs by adding a new Grok pattern. |
2024-05-22 | Enhancement:<br>- Added a Grok pattern to parse dropped logs.<br>- Mapped "product" to "vulnerabilities.vendor".<br>- Mapped "descript" to "vulnerabilities.description".<br>- Mapped "severity_detail" to "vulnerabilities.severity_details".<br>- Mapped "inter" to "intermediary.hostname".<br>- Mapped "eventId" to "metadata.product_event_type".<br>- Mapped "DeviceUUID" to "metadata.product_log_id".<br>- Mapped "InstanceID" to "target.asset_id".<br>- Mapped "ApplicationProtocol" to "network.application_protocol".<br>- Mapped "SrcIP" to "principal.ip" and "principal.asset.ip".<br>- Mapped "DstIP" to "target.ip" and "target.asset.ip".<br>- Mapped "SrcPort" to "principal.port".<br>- Mapped "DstPort" to "target.port".<br>- Mapped "Protocol" to "network.ip_protocol".<br>- Mapped "InitiatorPackets" to "network.sent_packets".<br>- Mapped "ResponderPackets" to "network.received_packets".<br>- Mapped "InitiatorBytes" to "network.sent_bytes".<br>- Mapped "ResponderBytes" to "network.received_bytes".<br>- Mapped "URL" to "target.url".<br>- Mapped "AccessControlRuleName" to "security_result.rule_name".<br>- Mapped "ConnectionID" to "security_result.about.resource.attribute.labels".<br>- Mapped "FirstPacketSecond" to "security_result.about.resource.attribute.labels".<br>- Mapped "EventPriority" to "security_result.severity".<br>- Mapped "WebApplication", "URLReputation", "EgressInterface", "IngressInterface", "ACPolicy", and "NAPPolicy" to "additional.fields".<br>- Mapped "AccessControlRuleAction" to "security_result.action". |
2024-04-29 | Enhancement:<br>- Added support to handle the new format of ingested logs. |
2023-09-21 | Enhancement:<br>- Mapped "proto_type" to "network.ip_protocol".<br>- Added validation checks before mapping "entry.agent.type".<br>- Removed repetitive code for "recordTypeCategory" and mapped "recordTypeCategory" to "metadata.product_event_type".<br>- Mapped "severity_code" to "security_result.severity".<br>- Mapped "service_type", "syslog_facility_code", and "syslog_priority" to "additional.fields".<br>- Mapped "entry_msg" to "metadata.description". |
2022-10-01 | Enhancement:<br>- Migrated the customer-specific parser to the default parser. |
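The entries above list which raw FireSIGHT fields land in which UDM paths but do not show the extraction or the resulting event shape. The following added Python example (not the parser's own code) walks through the 2024-05-22 connection-log mappings and the 2024-06-25 "sec_severity" rule end to end: a regex stands in for the Grok key=value pattern, the mapping table is taken from the entries, and the result is the nested UDM dictionary a detection engineer would expect to query. The key=value log layout, the sample values, the integer typing of port and byte/packet counters, and the list-of-{key,value} shape for "attribute.labels" are assumptions made for the illustration.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed sample connection event in key=value layout (assumed layout;
# the change log names the fields but not the Grok pattern used to extract them).
SAMPLE_CONNECTION_LOG = (
    "DeviceUUID=11111111-2222-3333-4444-555555555555 InstanceID=1 "
    "eventId=Connection SrcIP=10.0.0.5 DstIP=192.0.2.10 SrcPort=51234 "
    "DstPort=443 Protocol=tcp ApplicationProtocol=HTTPS InitiatorPackets=12 "
    "ResponderPackets=9 InitiatorBytes=2048 ResponderBytes=5120 "
    "URL=https://example.com/ AccessControlRuleName=Allow-Web "
    "AccessControlRuleAction=Allow ConnectionID=4096 FirstPacketSecond=1716379200 "
    "EventPriority=Low WebApplication=Chrome ACPolicy=Default"
)

# Regex standing in for a Grok key=value pattern (assumption, not the parser's own).
KV_PATTERN = re.compile(r"(?P<key>\w+)=(?P<value>\S+)")

# Raw field -> UDM path(s), as listed in the 2024-05-22 entry.
FIELD_MAP: Dict[str, List[str]] = {
    "product": ["vulnerabilities.vendor"],
    "descript": ["vulnerabilities.description"],
    "severity_detail": ["vulnerabilities.severity_details"],
    "inter": ["intermediary.hostname"],
    "eventId": ["metadata.product_event_type"],
    "DeviceUUID": ["metadata.product_log_id"],
    "InstanceID": ["target.asset_id"],
    "ApplicationProtocol": ["network.application_protocol"],
    "SrcIP": ["principal.ip", "principal.asset.ip"],
    "DstIP": ["target.ip", "target.asset.ip"],
    "SrcPort": ["principal.port"],
    "DstPort": ["target.port"],
    "Protocol": ["network.ip_protocol"],
    "InitiatorPackets": ["network.sent_packets"],
    "ResponderPackets": ["network.received_packets"],
    "InitiatorBytes": ["network.sent_bytes"],
    "ResponderBytes": ["network.received_bytes"],
    "URL": ["target.url"],
    "AccessControlRuleName": ["security_result.rule_name"],
    "EventPriority": ["security_result.severity"],
    "AccessControlRuleAction": ["security_result.action"],
}
# Fields that go into security_result.about.resource.attribute.labels (2024-05-22).
LABEL_FIELDS = ("ConnectionID", "FirstPacketSecond")
# Fields that go into additional.fields (2024-05-22).
ADDITIONAL_FIELDS = ("WebApplication", "URLReputation", "EgressInterface",
                     "IngressInterface", "ACPolicy", "NAPPolicy")
# Assumption: these UDM fields carry integers, so convert before mapping.
INT_FIELDS = {"SrcPort", "DstPort", "InitiatorPackets", "ResponderPackets",
              "InitiatorBytes", "ResponderBytes"}


def grok_kv(line: str) -> Dict[str, str]:
    """Extract key=value pairs from one log line (stand-in for the Grok stage)."""
    return {m["key"]: m["value"] for m in KV_PATTERN.finditer(line)}


def set_path(event: Dict[str, Any], path: str, value: Any) -> None:
    """Write value at a dotted UDM path, creating intermediate objects."""
    node = event
    parts = path.split(".")
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def normalize_severity(raw: str) -> Optional[str]:
    """2024-06-25 rule: a sec_severity value similar to "error" becomes ERROR.
    Other values are left unset here (assumption: the entry lists only this case)."""
    return "ERROR" if re.search(r"error", raw, re.IGNORECASE) else None


def to_udm(fields: Dict[str, str]) -> Dict[str, Any]:
    """Build the nested UDM event from extracted fields using the mappings above."""
    event: Dict[str, Any] = {}
    for key, value in fields.items():
        typed: Any = int(value) if key in INT_FIELDS else value
        for path in FIELD_MAP.get(key, []):
            set_path(event, path, typed)
    labels = [{"key": k, "value": fields[k]} for k in LABEL_FIELDS if k in fields]
    if labels:
        set_path(event, "security_result.about.resource.attribute.labels", labels)
    additional = {k: fields[k] for k in ADDITIONAL_FIELDS if k in fields}
    if additional:
        set_path(event, "additional.fields", additional)
    if "sec_severity" in fields:
        severity = normalize_severity(fields["sec_severity"])
        if severity:
            set_path(event, "security_result.severity", severity)
    return event


if __name__ == "__main__":
    import json
    print(json.dumps(to_udm(grok_kv(SAMPLE_CONNECTION_LOG)), indent=2))
```

Running the module prints the UDM event for the constructed line; the two-target mappings (SrcIP to both "principal.ip" and "principal.asset.ip") and the label/additional-field buckets are the parts worth checking when validating a parser change against real events.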