Change log for CISCO_STEALTHWATCH
| Date | Changes | 
|---|---|
| 2025-07-29 | Enhancement: - Added Grok patterns to parse unparsed logs. - event.idm.read_only_udm.target.hostname: Newly mapped target_hostname raw log field to event.idm.read_only_udm.target.hostname. - event.idm.read_only_udm.target.mac: Newly mapped target_mac_address raw log field to event.idm.read_only_udm.target.mac. - event.idm.read_only_udm.principal.mac: Newly mapped source_mac_address raw log field to event.idm.read_only_udm.principal.mac. - event.idm.read_only_udm.security_result.severity: Newly mapped alarm_severity_id raw log field to event.idm.read_only_udm.security_result.severity. - event.idm.read_only_udm.principal.user.user_display_name: Newly mapped source_username raw log field to event.idm.read_only_udm.principal.user.user_display_name. - Consolidated all mappings for event.idm.read_only_udm.additional.fields. |
| 2024-10-29 | Enhancement: - Added support to handle JSON logs. | 
| 2024-09-26 | Enhancement: - Added support to parse CEF format logs. | 
| 2024-06-11 | Enhancement: - Updated the Grok pattern to parse the "emc1502" value and mapped it to "principal.hostname". | 
| 2023-06-19 | Enhancement: - Mapped "sourceIPv4Address" to "principal.ip". - Mapped "SourceModuleType" to "observer.application". - Mapped "SourceModuleName" to "target.resource.name". - Mapped "MessageSourceAddress" to "principal.ip". - Mapped "SourcePort" to "principal.port". - Mapped "Version" to "metadata.product_version". - Mapped "DestPort" to "target.port". - Mapped "DestIPv4Address" to "target.ip". - Mapped "ProtocolIdentifier" to "network.ip_protocol". - Mapped "inputSNMPIface", "outputSNMPIface", "InPackets" to "additional.fields". | 
| 2023-02-10 | Fix: - Added new Grok patterns to parse NFS and SMB protocol type logs. |
| 2022-07-06 | Enhancement: - Added mappings for unparsed logs (audit, alarm). - FC_Name mapped to principal.user.userid. - src mapped to principal.ip. - dst mapped to target.ip. - Source_HG mapped to principal.location.country_or_region. - category mapped to security_result.category_details. - details mapped to metadata.description. - vendor_severity Minor mapped to security_result.severity (INFORMATIONAL). - vendor_severity Major mapped to security_result.severity (ERROR). - Added Event_type USER_UNCATEGORIZED for unparsed logs. - Added additional field Alarm_ID. |