Change log for CISCO_WSA
Date | Changes |
---|---|
2025-08-12 | Enhancement:
- Added gsub to replace "\\r\\n" and "\\n" with "" in message field.
- event.idm.read_only_udm.additional.fields: Removed mapping of "application" from "event.idm.read_only_udm.additional.fields" UDM field because the "mime_type" in raw logs was wrongly getting mapped to "event.idm.read_only_udm.additional.fields" UDM field with a key as "application".
- Modified the existing grok pattern to correctly parse "mime_type" field for the raw logs by removing "application" field from the grok pattern.
- Modified grok patterns to parse "session_id" field from raw logs.
- event.idm.read_only_udm.network.session_id: Newly mapped "session_id" field with `event.idm.read_only_udm.network.session_id` UDM field. |
2025-07-21 | Enhancement:
- Modified a grok pattern to parse "mime_type" from raw logs.
- event.idm.read_only_udm.target.file.mime_type: Newly mapped `mime_type` field with `event.idm.read_only_udm.target.file.mime_type` UDM field. |
2025-07-08 | Enhancement:
- Added Grok pattern to support new format of Syslog logs.
- event.idm.read_only_udm.additional.fields: Newly mapped `cmf`, `dcf`, `err`, `case_name`, `total_bytes`, `request_size`, `transaction_disposition` and `application` raw log fields with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.network.sent_bytes: Newly mapped `bytes_sent` raw log field with `event.idm.read_only_udm.network.sent_bytes` UDM field.
- event.idm.read_only_udm.network.received_bytes: Newly mapped `response_size` raw log field with `event.idm.read_only_udm.network.received_bytes` UDM field.
- event.idm.read_only_udm.metadata.description: Newly mapped `description` raw log field with `event.idm.read_only_udm.metadata.description` UDM field.
- event.idm.read_only_udm.network.http.referral_url: Newly mapped `referer_url` raw log field with `event.idm.read_only_udm.network.http.referral_url` UDM field.
- event.idm.read_only_udm.intermediary.hostname, event.idm.read_only_udm.intermediary.asset.hostname: Newly mapped `wsa_hostname` raw log field with `event.idm.read_only_udm.intermediary.hostname` and `event.idm.read_only_udm.intermediary.asset.hostname` UDM fields. |
2024-08-13 | Enhancement:
- Modified the Grok pattern to parse CSV data. |
2024-07-29 | - Newly created parser. |