Change log for DELL_SWITCH
Date | Changes |
---|---|
2024-10-09 | Enhancement:<br>- Added a Grok pattern to parse a new log type.<br>- Mapped "Eventid" to "metadata.product_log_id".<br>- Mapped "Eventseverity" to "security_result.severity".<br>- Mapped "Computer" to "principal.hostname" and "principal.asset.hostname".<br>- Mapped "Program" to "principal.application".<br>- Mapped "Description" to "security_result.description". |
2024-08-20 | Enhancement:<br>- Added support to handle unparsed SYSLOG logs. |
2024-04-25 | Enhancement:<br>- Added Grok patterns to parse a new log type.<br>- Mapped "op" to "metadata.product_event_type".<br>- Mapped "mac" to "principal.mac".<br>- Mapped "addr", "hostname" and "server_ip" to "principal.ip".<br>- Mapped "server_port" to "principal.port".<br>- Mapped "acct" to "principal.user.userid".<br>- Mapped "target_ip" and "local_ip" to "target.ip".<br>- Mapped "local_port" to "target.port".<br>- Mapped "File" to "target.file.full_path".<br>- Mapped "target_host" to "target.hostname".<br>- Mapped "target_user_id" to "target.user.userid".<br>- Mapped "Server_ID" to "target.resource.product_object_id".<br>- Mapped "tzknown", "is_synced" and "exe" to "security_result.detection_fields".<br>- Mapped "res" to "security_result.summary"; if "res" is empty, mapped "status" to "security_result.summary" instead.<br>- Mapped "uid", "enterpriseId", "auid", "terminal", "subj", "grantors" and "ID" to "principal.resource.attribute.labels". |
2024-04-04 | - Added Grok patterns to parse a new log type.<br>- Mapped "prod_event_type" to "metadata.product_event_type".<br>- Mapped "ip" to "principal.ip".<br>- Mapped "dest_ip" to "target.ip".<br>- Mapped "target_url" to "target.url".<br>- Mapped "sec_description" to "security_result.description".<br>- Mapped "action_details" to "security_result.action_details". |
2024-01-04 | - Added Grok patterns for newly ingested logs.<br>- Added a date block for when "datetime" is in "SYSLOGTIMESTAMP" format.<br>- Mapped "softwareName" to "principal.asset.software.name".<br>- Mapped "swVersion" to "principal.asset.software.version".<br>- Mapped "port" to "principal.port".<br>- Mapped "user" to "principal.user.userid" and set "metadata.event_type" to "USER_UNCATEGORIZED" when "user" is present.<br>- Mapped "application" to "principal.application".<br>- Mapped "ip" to "principal.ip".<br>- Set "security_result.severity" to "INFORMATIONAL" when "severity" is "IFMGR-5-OSTATE_DN".<br>- Mapped "msg" to "metadata.description". |
2023-11-02 | - Newly created parser. |
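The change log names the fields each Grok pattern extracts and the UDM paths they land on, but not the patterns themselves. The following is an added example, not the Google SecOps DELL_SWITCH parser's own code, that re-implements a few of the listed rules in Python so the behaviour can be checked offline: a small Grok-to-regex expander (the base pattern definitions are approximations of the Logstash ones, not copied from the parser), three constructed line layouts that use the change log's field names with invented literal text around them, the "res" / "status" fallback from the 2024-04-25 entry, the SYSLOGTIMESTAMP date handling and the IFMGR-5-OSTATE_DN severity rule from the 2024-01-04 entry, and a catch-all for lines no pattern matches in the spirit of the 2024-08-20 entry. The GENERIC_EVENT fallback, the mapping of the syslog hostname to principal.hostname, and the reuse of the USER_UNCATEGORIZED rule for the audit "acct" field are assumptions made for this example; the sample lines are constructed.

```python
import json
import re
from datetime import datetime

# Grok base patterns as the regexes Grok expands them to.
# Assumption: these approximate the Logstash definitions; they are not copied from the parser.
GROK_BASE = {
    "NUMBER": r"-?\d+(?:\.\d+)?",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "HOSTNAME": r"[A-Za-z0-9._-]+",
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
}


def grok_to_regex(pattern: str) -> re.Pattern:
    """Expand %{BASE:field} references into named groups; other text stays regex, as in Grok."""
    def expand(m: re.Match) -> str:
        base, field = m.group(1), m.group(2)
        body = GROK_BASE[base]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern))


# Constructed line layouts for three change-log entries. Field names come from the change log;
# the literal text between them is invented for this example.
GROK_PATTERNS = {
    # 2024-10-09 entry
    "event": grok_to_regex(
        "Eventid=%{NUMBER:Eventid} Eventseverity=%{WORD:Eventseverity} "
        "Computer=%{HOSTNAME:Computer} Program=%{NOTSPACE:Program} Description=%{GREEDYDATA:Description}"
    ),
    # 2024-04-25 entry (audit-style key=value, "status" only present on some lines)
    "audit": grok_to_regex(
        "op=%{WORD:op} acct=%{WORD:acct} addr=%{IP:addr} res=%{DATA:res}(?: status=%{WORD:status})?"
    ),
    # 2024-01-04 entry (SYSLOGTIMESTAMP, the %MNEMONIC token captured as "severity")
    "syslog": grok_to_regex(
        "%{SYSLOGTIMESTAMP:datetime} %{HOSTNAME:hostname} %%{NOTSPACE:severity}: %{GREEDYDATA:msg}"
    ),
}

SEVERITY_BY_MNEMONIC = {"IFMGR-5-OSTATE_DN": "INFORMATIONAL"}  # 2024-01-04 entry


def set_path(event: dict, path: str, value) -> None:
    """Write a dotted UDM path such as 'principal.asset.hostname' into a nested dict."""
    node = event
    *parents, leaf = path.split(".")
    for key in parents:
        node = node.setdefault(key, {})
    node[leaf] = value


def parse_dell_switch(line: str, year: int = 2024) -> dict:
    """Map one raw line to a UDM-shaped dict. `year` is needed because SYSLOGTIMESTAMP carries none."""
    event: dict = {}
    for name, regex in GROK_PATTERNS.items():
        m = regex.fullmatch(line)
        if m:
            break
    else:
        # 2024-08-20 entry: unparsed syslog is still ingested. Assumption: keep the raw line as the
        # description and emit a GENERIC_EVENT instead of dropping the line.
        set_path(event, "metadata.event_type", "GENERIC_EVENT")
        set_path(event, "metadata.description", line)
        return event
    f = m.groupdict()
    if name == "event":
        set_path(event, "metadata.product_log_id", f["Eventid"])
        set_path(event, "security_result.severity", f["Eventseverity"])
        set_path(event, "principal.hostname", f["Computer"])
        set_path(event, "principal.asset.hostname", f["Computer"])
        set_path(event, "principal.application", f["Program"])
        set_path(event, "security_result.description", f["Description"])
    elif name == "audit":
        set_path(event, "metadata.product_event_type", f["op"])
        set_path(event, "principal.user.userid", f["acct"])
        set_path(event, "principal.ip", [f["addr"]])  # principal.ip is a repeated field in UDM
        # "res" wins; an empty "res" falls back to "status" (2024-04-25 entry)
        set_path(event, "security_result.summary", f["res"] or f["status"] or "")
        # Assumption: reuse the 2024-01-04 rule (user present => USER_UNCATEGORIZED) for "acct".
        set_path(event, "metadata.event_type", "USER_UNCATEGORIZED")
    elif name == "syslog":
        # Syslog timestamps have no year; the caller must supply one (the real date block infers it).
        ts = datetime.strptime(f"{year} {f['datetime']}", "%Y %b %d %H:%M:%S")
        set_path(event, "metadata.event_timestamp", ts.isoformat())
        set_path(event, "principal.hostname", f["hostname"])  # assumption: not listed in that entry
        set_path(event, "metadata.description", f["msg"])
        if f["severity"] in SEVERITY_BY_MNEMONIC:
            set_path(event, "security_result.severity", SEVERITY_BY_MNEMONIC[f["severity"]])
    return event


if __name__ == "__main__":
    # Constructed sample lines: one per rule, plus one that matches nothing.
    samples = [
        "Eventid=4321 Eventseverity=Warning Computer=sw-core-01 Program=snmpd Description=Link down on Eth1/1",
        "op=login acct=admin addr=10.0.0.5 res=success",
        "op=login acct=admin addr=10.0.0.5 res= status=failed",
        "Jan  4 10:15:02 sw-core-01 %IFMGR-5-OSTATE_DN: Changed interface state to down: Eth 1/1",
        "some line no pattern knows about",
    ]
    for raw in samples:
        print(json.dumps(parse_dell_switch(raw), indent=2))
```

Two things worth checking against a real parser before trusting the mapping: the literal text in a Grok pattern is regex, so a stray `(` or `.` in the vendor's message format must be escaped, and values written to enum-typed UDM fields such as security_result.severity must be one of the enum's constants, which is why the 2024-01-04 entry translates a mnemonic into "INFORMATIONAL" rather than copying it through.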