Change log for CISCO_UMBRELLA_AUDIT
Date
Changes
2025-08-21
Enhancement:
- Added a grok pattern to support new format of logs.
- Added a condition to map event_type to "NETWORK_DNS" if "network_dns_details_present" is equal to "true".
- Added a condition to map event_type to "STATUS_UPDATE" if "has_principal" is equal to "true".
2024-01-10
Enhancement:
- Added support for DNS type logs.
- Mapped "date_time" to "metadata.event_timestamp".
- Mapped "most_granular_identity", "most_granular_identity_type", "identity_types" and "blocked_categories" to "additional.fields".
- Mapped "internal_ip" and "external_ip" to "principal.ip".
- Mapped "action_type" to "security_result.action_details".
- Mapped "dns_query_type" to "network.dns.questions.type".
- Mapped "dns_response_code" to "network.dns.response_code".
- Mapped "domain" to "network.dns.questions.name".
- Mapped "categories" to "security_result.category_details".
The CISCO_UMBRELLA_AUDIT parser was initially created on 2023-02-28.

Last updated 2025-08-29 UTC.