Stay organized with collections
Save and categorize content based on your preferences.
Change log for CISCO_UMBRELLA_AUDIT
Date
Changes
2024-01-10
Enhancement:
- Added support for DNS type logs.
- Mapped "date_time" to "metadata.event_timestamp".
- Mapped "most_granular_identity", "most_granular_identity_type", "identity_types" and "blocked_categories" to "additional.fields".
- Mapped "internal_ip" and "external_ip" to "principal.ip".
- Mapped "action_type" to "security_result.action_details".
- Mapped "dns_query_type" to "network.dns.questions.type".
- Mapped "dns_response_code" to "network.dns.response_code".
- Mapped "domain" to "network.dns.questions.name".
- Mapped "categories" to "security_result.category_details".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["The CISCO_UMBRELLA_AUDIT parser was initially created on 2023-02-28."],["On 2024-01-10, the parser was enhanced to add support for DNS type logs."],["Various fields were mapped to new locations within the data structure on 2024-01-10, including mappings for date_time, most_granular_identity, internal/external IP, action_type, and DNS information."],["On 2024-01-10, domain and categories were also mapped, with domain mapping to network.dns.questions.name, and categories mapping to security_result.category_details."]]],[]]
