Change log for DOPE_SWG
Date | Changes |
---|---|
2025-03-12 | Enhancement:
- Added support for JSON logs.
- Mapped "schemaVersion" to "metadata.product_version".
- Mapped "destination.matchedDestination" to "target.ip" and "target.asset.ip" if it's an IP address.
- Mapped "destination.matchedDestination" to "target.hostname" and "target.asset.hostname" if it's not an IP address.
- Mapped "destination.url" to "target.url".
- Mapped "destination.destinationIP" to "target.ip" and "target.asset.ip" if it's an IP address.
- Mapped "endpoint.tenantID" to "principal.asset.attribute.cloud.project.id".
- Mapped "endpoint.agentID" to "principal.asset.asset_id" with a "DS:" prefix.
- Mapped "endpoint.user" to "principal.user.userid".
- Mapped "endpoint.deviceName" to "principal.hostname" and "principal.asset.hostname".
- Mapped "endpoint.oidcUser" to "principal.user.email_addresses" if it's an email address.
- Mapped "endpoint.oidcUser" to "principal.user.user_display_name" if it's not an email address.
- Mapped "bandwidth.dataSentInBytes" to "network.sent_bytes".
- Mapped "bandwidth.dataReceivedInBytes" to "network.received_bytes".
- Mapped "policy.verdict" to "security_result.action" (mapping "1" to "BLOCK", "0" to "ALLOW", and "2" to "CHALLENGE").
- Mapped "policy.policyType" to "security_result.rule_type".
- Mapped "policy.policyName" to "security_result.rule_name".
- Mapped "policy.categories" to "additional.fields" as a list with key "policy_categories_values".
- Mapped "request.duration" to "network.session_duration.seconds".
- Mapped "request.httpVersion" to "network.http.user_agent".
- Mapped "request.processName" to "principal.process.command_line".
- Mapped "request.processTree" to "additional.fields" as a list with key "request_processTree_values". |
2023-05-18 | - Newly created parser. |