Change log for F5_AFM
| Date | Changes |
|---|---|
| 2025-03-21 | Enhancement:
- Added Grok patterns to support new log formats. - Removed "icrd_child" and "logger" from conditional check of drop tag. - Mapped "desc" to "metadata.description". - Mapped "prin_port" to "principal.port". - Mapped "target_port" to "target.port". - Added conditional mapping for "protocol" to "network.ip_protocol" when the value is "TCP". - Mapped "ts2" to "metadata.event_timestamp". - Mapped "tls_ver" to "network.tls.version". - Mapped "cipher" to "network.tls.cipher". - Mapped "prod_event_type" to "metadata.product_event_type". - Mapped "path" to "target.url". - Mapped "response_size" to "network.sent_bytes". - Mapped "received_size" to "network.received_bytes". - Mapped "usr" to "principal.user.userid". - Mapped "schema_version" to "target.resource.attribute.labels". - Mapped "severity_info" to "security_result.severity_details". - Mapped "target_pid" to "target.process.pid". - Mapped "additional1" to "additional.fields". - Mapped "dvc" to "intermediary.hostname". - Added a Grok pattern to match IP before mapping "bigip_ip" to "intermediary.ip". - Mapped "metadata.event_type" to "USER_UNCATEGORIZED" when "has_principal_user" is "true". - Mapped "prin_ip" to "principal.ip" and "principal.asset.ip". |
| 2025-02-27 | Enhancement:
- Added support for CEF format logs. - Mapped "F5FlowID" to "additional.fields". - Mapped "F5TranslatedVlan" to "additional.fields". - Mapped "F5SrcTranslationType" to "additional.fields". - Mapped "F5SrcTranslationPool" to "additional.fields". - Mapped "F5SrcGeo" to "additional.fields". - Mapped "F5DstGeo" to "additional.fields". - Mapped "F5RouteDomain" to "additional.fields". |
| 2024-11-07 | Enhancement:
- Added support for CEF format logs. |
| 2024-04-05 | Enhancement:
- Added support to parse newly ingested unparsed logs. |
| 2023-09-11 | Enhancement:
- Mapped "Column12" to "security_result.detection_fields". - Mapped "Column14" to "security_result.action". |
| 2023-08-16 | Enhancement:
- Added Grok pattern to support new log formats. |
| 2023-05-05 | Newly created parser.
|