Change log for CISCO_SDWAN

| Date | Changes |
|---|---|
| 2025-03-19 | Enhancement:<br>- Added Grok patterns to parse the logs.<br>- Mapped "username1" to "target.user.userid".<br>- Mapped "security_result.action" to "ALLOW" or "BLOCK" based on the message.<br>- Mapped "metadata.event_type" to "USER_LOGIN" when the message contains "success" and "has_principal" and "has_user" are true.<br>- Mapped "metadata.event_type" to "USER_LOGOUT" when the message contains "LOGOUT" and "has_principal" and "has_user" are true. |
| 2025-03-04 | Enhancement:<br>- Mapped "timestamp" to "metadata.event_timestamp".<br>- Mapped "ip_1" to "principal.ip" and "principal.asset.ip".<br>- Mapped "ip_2" to "target.ip" and "target.asset.ip".<br>- Mapped "port_1" to "principal.port".<br>- Mapped "port_2" to "target.port".<br>- Mapped "system_ip" to "principal.ip" and "principal.asset.ip".<br>- Mapped "instance_id" to "target.resource.product_object_id".<br>- Mapped "message_1" to "metadata.description".<br>- Mapped "network_protocol" to "network.ip_protocol".<br>- Mapped "hostname" to "principal.hostname".<br>- Mapped "classification" to "security_result.category_details".<br>- Mapped "priority" to "security_result.severity".<br>- Mapped "policy" to "security_result.detection_fields".<br>- Mapped "malware" to "security_result.detection_fields".<br>- Mapped "filename" to "target.file.names".<br>- Mapped "filetype" to "target.process.file.mime_type". |
| 2025-02-24 | - Added support to parse the unparsed logs. |
| 2025-01-16 | - Newly created parser. |
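To make the 2025-03-19 event-type and action rules concrete, here is an added Python example (not the parser's own code) that applies them to constructed log lines; the log layout, the ALLOW/BLOCK keyword lists and the meaning of "has_principal"/"has_user" are assumptions, since the page does not show the Grok patterns themselves.

```python
import re
from typing import Any, Dict

# Constructed log shape for this example (the parser's real Grok patterns are
# not shown on the page): "<timestamp> <hostname> <username1> <message>".
LOG_RE = re.compile(
    r"^(?P<timestamp>\S+)\s+(?P<hostname>\S+)\s+(?P<username1>\S+)\s+(?P<message>.+)$"
)

# Assumed keyword sets for security_result.action; the page only says the value
# is derived from the message, not which words select ALLOW or BLOCK.
ALLOW_WORDS = ("success", "accepted")
BLOCK_WORDS = ("fail", "denied", "rejected")


def map_to_udm(line: str) -> Dict[str, Any]:
    """Map one constructed SD-WAN line to a subset of UDM fields."""
    m = LOG_RE.match(line)
    if not m:
        return {}  # unparsed line: left empty here, the real parser handles it separately
    f = m.groupdict()
    udm: Dict[str, Any] = {
        "metadata": {"event_timestamp": f["timestamp"], "description": f["message"]},
        "principal": {"hostname": f["hostname"]},
        "target": {"user": {"userid": f["username1"]}},
        "security_result": {},
    }
    msg = f["message"]
    # security_result.action: ALLOW or BLOCK based on the message (keyword lists assumed)
    if any(w in msg.lower() for w in ALLOW_WORDS):
        udm["security_result"]["action"] = "ALLOW"
    elif any(w in msg.lower() for w in BLOCK_WORDS):
        udm["security_result"]["action"] = "BLOCK"
    # has_principal / has_user: assumed to mean the respective fields were populated
    has_principal = bool(udm["principal"].get("hostname"))
    has_user = bool(udm["target"]["user"].get("userid"))
    # event_type rules exactly as the 2025-03-19 entry states them (case-sensitive substrings)
    if "success" in msg and has_principal and has_user:
        udm["metadata"]["event_type"] = "USER_LOGIN"
    elif "LOGOUT" in msg and has_principal and has_user:
        udm["metadata"]["event_type"] = "USER_LOGOUT"
    return udm
```

A failed login line gets BLOCK but no event_type, because the page only states rules for the "success" and "LOGOUT" cases.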